CVE-2006-5564

MAXdev MD-Pro < 1.0.76 - Cross-Site Scripting via user.php op Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5564. PoCs published by r00t.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in MAXdev MD-Pro 1.0.76, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code via the 'op' parameter.

Description

Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by r00t · textwebappsphp

https://www.exploit-db.com/exploits/28863

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in MAXdev MD-Pro 1.0.76, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code via the 'op' parameter.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: MAXdev MD-Pro 1.0.76

No auth needed

Prerequisites: Access to the vulnerable URL parameter

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/20752

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/4195

Exploit, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22564

Scores

EPSS 0.0156

EPSS Percentile 72.0%

Details

Status published

Products (1)

maxdev/md-pro < 1.0.76

Published Oct 27, 2006

Tracked Since Feb 18, 2026