Md-pro Security Vulnerabilities and Issues — Md-pro CVE List

Lucene search

MaxdevMd-pro

3 matches found

CVE•added 2006/04/11 12:2 a.m.•38 views

CVE-2006-1676

SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a display action, which is not properly handled in P...

6.4CVSS8.4AI score0.00544EPSS

CVE•added 2006/04/11 12:2 a.m.•33 views

CVE-2006-1677

MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to obtain the full path of the server via a direct request to includes/legacy.php.

6.4CVSS6.7AI score0.00647EPSS

CVE•added 2006/09/23 10:7 a.m.•30 views

CVE-2006-4964

Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before 20060918 allows remote attackers to inject arbitrary web script or HTML via (1) vectors that bypass the XSS protection mechanisms of the pnVarCleanFromInput function, and (2) unspecified vectors related to the AntiCracker.

6.8CVSS5.5AI score0.00516EPSS