CVE-2006-6869

Affects MAXdev MDForum 2.0.1 and earlier. The vulnerability is in includes/search/search_mdforum.php where, if magic_quotes_gpc is disabled and register_globals is enabled, an attacker can cause local file inclusion and code execution by injecting a .. in the PNSVlang cookie to error.php, demonst...

CVE-2009-4577

The CVE-2009-4577 issue affects MAXdev MDPro’s MDForum module (version 2.x up to 2.07). The vulnerability is a SQL injection in the MDForum component, exploitable via the c parameter to index.php, allowing remote attackers to execute arbitrary SQL commands. PT-2010-1396 details confirm the affect...