
CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation.

• http://osvdb.org/33613
• http://securityreason.com/securityalert/2198
• http://www.securityfocus.com/archive/1/458438/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/31898

CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 2

SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter.

• https://www.exploit-db.com/exploits/29537
• http://osvdb.org/33011
• http://osvdb.org/33612
• http://secunia.com/advisories/23948
• http://securityreason.com/securityalert/2198
• http://www.securityfocus.com/archive/1/458438/100/0/threaded
• http://www.securityfocus.com/bid/22293
• http://www.vupen.com/english/advisories/2007/0412
• https://exchange.xforce.ibmcloud.com/vulnerabilities/31897