CVE-2007-3938

MAXdev MDPro < 1.0.8x - SQL Injection via Topics Module topicid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3938. PoCs published by anonymous.

AI-analyzed exploit summary This exploit is a SQL injection (SQLi) proof-of-concept for CVE-2007-3938, targeting Md-Pro software. It leverages a UNION-based SQLi to extract admin credentials (username and password) from the database.

Description

SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.8x and earlier before 20070720 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a view action in the Topics module, a different vulnerability than CVE-2006-1676.

Exploits (1)

exploitdb WORKING POC VERIFIED

by anonymous · textwebappsphp

https://www.exploit-db.com/exploits/4199

View Code ZIP pw:eip

This exploit is a SQL injection (SQLi) proof-of-concept for CVE-2007-3938, targeting Md-Pro software. It leverages a UNION-based SQLi to extract admin credentials (username and password) from the database.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Md-Pro (version unspecified)

No auth needed

Prerequisites: Target must be running vulnerable Md-Pro software · Database prefix must be known (default: 'md_')

MITRE ATT&CK