Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Maxdev Subscribe
Filtered by product Mdpro
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-0623 1 Maxdev 1 Mdpro 2018-10-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter.
CVE-2007-0624 1 Maxdev 1 Mdpro 2018-10-16 5.0 MEDIUM N/A
user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation.
CVE-2006-7112 1 Maxdev 1 Mdpro 2017-10-10 6.0 MEDIUM N/A
Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and earlier allows remote authenticated users to read and include arbitrary files via the PNSVlang cookie, as demonstrated by uploading a GIF image using AddDownload or injecting PHP code into a log file, then accessing it.
CVE-2007-3938 1 Maxdev 1 Mdpro 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.8x and earlier before 20070720 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a view action in the Topics module, a different vulnerability than CVE-2006-1676.
CVE-2007-5222 1 Maxdev 1 Mdpro 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header.
CVE-2009-2618 1 Maxdev 1 Mdpro 2017-09-18 7.5 HIGH N/A
SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php.
CVE-2009-4577 1 Maxdev 2 Mdforum, Mdpro 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php.