CVE-2007-5222

MAXdev MDPro 1.0.76 - SQL Injection via Referer Header

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-5222. PoCs published by undefined1_, unidentified1_ is.

AI-analyzed exploit summary: This exploit targets CVE-2007-5222, a SQL injection vulnerability in MDPro 1.0.76. It extracts admin credentials by manipulating the Referer header to perform blind SQL injection, retrieving user IDs, usernames, and password hashes.

Description

SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header.

Exploits (2)

exploitdb WORKING POC VERIFIED
by undefined1_ · perl · webapps · php
https://www.exploit-db.com/exploits/4467

This exploit targets CVE-2007-5222, a SQL injection vulnerability in MDPro 1.0.76. It extracts admin credentials by manipulating the Referer header to perform blind SQL injection, retrieving user IDs, usernames, and password hashes.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: MDPro 1.0.76
No auth needed
Prerequisites: magic_quotes_runtime = off · MySQL >= 4.1.0 · Target URL with vulnerable MDPro installation
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by unidentified1_ is · perl · webapps · php
https://www.exploit-db.com/exploits/30623

This Perl script exploits an SQL injection vulnerability in MD-Pro 1.0.76 by manipulating the Referer header to extract user credentials (UID, username, and password) from the database. It uses blind SQLi techniques to enumerate data character by character.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: MD-Pro 1.0.76
No auth needed
Prerequisites: magic_quotes_runtime = off · MySQL >= 4.1.0 · network access to the target
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36871
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3314
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/data/vulnerabilities/exploits/25864.pl
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4467
Patch, URL Repurposed x_refsource_misc
http://www.maxdev.com/Article641.phtml
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38556
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25864

Scores

EPSS 0.0165
EPSS Percentile 73.5%

Details

CWE: CWE-89
Status: published
Products (1): maxdev/mdpro 1.0.76
Published: Oct 05, 2007
Tracked Since: Feb 18, 2026