Lucene search

K
MaxdevMdpro

6 matches found

CVE
CVE
added 2007/07/21 12:30 a.m.38 views

CVE-2007-3938

SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.8x and earlier before 20070720 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a view action in the Topics module, a different vulnerability than CVE-2006-1676.

7.5CVSS8.2AI score0.01023EPSS
CVE
CVE
added 2009/07/27 6:30 p.m.36 views

CVE-2009-2618

SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php.

7.5CVSS8.6AI score0.00305EPSS
CVE
CVE
added 2007/01/31 6:28 p.m.35 views

CVE-2007-0623

SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter.

7.5CVSS8.4AI score0.01415EPSS
CVE
CVE
added 2007/10/05 12:17 a.m.33 views

CVE-2007-5222

SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header.

7.5CVSS8.3AI score0.00915EPSS
CVE
CVE
added 2007/03/06 1:19 a.m.31 views

CVE-2006-7112

Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and earlier allows remote authenticated users to read and include arbitrary files via the PNSVlang cookie, as demonstrated by uploading a GIF image using AddDownload or injecting PHP code into a log file, then accessing it.

6CVSS7AI score0.01713EPSS
CVE
CVE
added 2007/01/31 6:28 p.m.29 views

CVE-2007-0624

user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation.

5CVSS6.6AI score0.00319EPSS