CVE-2006-1676
published 2006-04-11

CVE-2006-1676: SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076…

Priority: P3 35
Severity: medium, 6.4 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 1.22% (65.0th percentile)
SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a display action, which is not properly handled in PNuserapi.PHP.

Affected

4 ranges
Vendor   Product   Version range   Fixed in
maxdev   md-pro    <= 1.0.75
maxdev   md-pro
maxdev   md-pro
maxdev   mdpro     <= 1.0.8x