CVE-2007-0623 - SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute a

CVE-2007-0623

Summary

SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter.

References

Vulnerable Configurations

cpe:2.3:a:maxdev:mdpro:1.0.76:*:*:*:*:*:*:*
cpe:2.3:a:maxdev:mdpro:1.0.76:*:*:*:*:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	22293
bugtraq	20070129 MDPro 1.0.76 - Multiple Remote Vulnerabilities
osvdb	33011 33612
secunia	23948
sreason	2198
vupen	ADV-2007-0412
xf	mdpro-startrow-sql-injection(31897)

Last major update

16-10-2018 - 16:33

Published

31-01-2007 - 18:28

Last modified

16-10-2018 - 16:33