CVE-2006-7112

Maxdev Mdpro < 1.0.76 - Path Traversal

Title source: rule
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-7112. PoCs published by Kacper.

AI-analyzed exploit summary This exploit targets a vulnerability in MDPro <= 1.0.76 by leveraging a cookie-based language parameter to achieve remote code execution. It uploads a malicious GIF file containing PHP code to execute arbitrary commands on the target system.

Description

Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and earlier allows remote authenticated users to read and include arbitrary files via the PNSVlang cookie, as demonstrated by uploading a GIF image using AddDownload or injecting PHP code into a log file, then accessing it.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Kacper · phpwebappsphp
https://www.exploit-db.com/exploits/2712

This exploit targets a vulnerability in MDPro <= 1.0.76 by leveraging a cookie-based language parameter to achieve remote code execution. It uploads a malicious GIF file containing PHP code to execute arbitrary commands on the target system.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: MDPro <= 1.0.76
Auth required
Prerequisites: Valid user credentials · Session ID · File upload functionality enabled · Secure categories disabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30026
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2712
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20912

Scores

EPSS 0.0161
EPSS Percentile 72.7%

Details

CWE
CWE-22
Status published
Products (1)
maxdev/mdpro < 1.0.76
Published Mar 06, 2007
Tracked Since Feb 18, 2026