CVE-2006-1676
published 2006-04-11CVE-2006-1676: SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076…
PriorityP335medium6.4CVSS 2.0
AVNACLAuNCPIPAN
EXPLOIT
EPSS
1.22%
65.0th percentile
SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a display action, which is not properly handled in PNuserapi.PHP.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| maxdev | md-pro | <= 1.0.75 | — |
| maxdev | md-pro | — | — |
| maxdev | md-pro | — | — |
| maxdev | mdpro | <= 1.0.8x | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5h72-mqr4-8c7r: SQL injection vulnerability in index
ghsa_unreviewed·2022-05-01·CVSS 6.4
CVE-2007-3938 [MEDIUM] CWE-89 GHSA-5h72-mqr4-8c7r: SQL injection vulnerability in index
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.8x and earlier before 20070720 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a view action in the Topics module, a different vulnerability than CVE-2006-1676.
GHSA
GHSA-cv7v-fxjm-m85x: SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1
ghsa_unreviewed·2022-05-01
CVE-2006-1676 [MEDIUM] CWE-89 GHSA-cv7v-fxjm-m85x: SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1
SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a display action, which is not properly handled in PNuserapi.PHP.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/19578http://www.maxdev.com/Article592.phtmlhttp://www.securityfocus.com/archive/1/430370/100/0/threadedhttp://www.securityfocus.com/archive/1/437831/100/100/threadedhttp://www.securityfocus.com/bid/17399http://www.vupen.com/english/advisories/2006/1282https://exchange.xforce.ibmcloud.com/vulnerabilities/25710http://secunia.com/advisories/19578http://www.maxdev.com/Article592.phtmlhttp://www.securityfocus.com/archive/1/430370/100/0/threadedhttp://www.securityfocus.com/archive/1/437831/100/100/threadedhttp://www.securityfocus.com/bid/17399http://www.vupen.com/english/advisories/2006/1282https://exchange.xforce.ibmcloud.com/vulnerabilities/25710
2006-04-11
Published