CVE-2006-7112

Maxdev Mdpro < 1.0.76 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and earlier allows remote authenticated users to read and include arbitrary files via the PNSVlang cookie, as demonstrated by uploading a GIF image using AddDownload or injecting PHP code into a log file, then accessing it.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kacper · phpwebappsphp

https://www.exploit-db.com/exploits/2712

View Code ZIP pw:eip

References (3)

[Exploit] http://www.securityfocus.com/bid/20912

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/2712

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/30026

Scores

EPSS 0.0404

EPSS Percentile 88.5%

Details

CWE

CWE-22

Status published

Products (1)

maxdev/mdpro < 1.0.76

Published Mar 06, 2007

Tracked Since Feb 18, 2026