CVE-2007-5222

Maxdev Mdpro - SQL Injection

Title source: rule

Description

SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header.

Exploits (2)

exploitdb WORKING POC VERIFIED

by undefined1_ · perlwebappsphp

https://www.exploit-db.com/exploits/4467

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by unidentified1_ is · perlwebappsphp

https://www.exploit-db.com/exploits/30623

View Code ZIP pw:eip

References (7)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36871

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/3314

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/data/vulnerabilities/exploits/25864.pl

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4467

[Patch, URL Repurposed] http://www.maxdev.com/Article641.phtml

[Third Party Advisory, VDB Entry] http://osvdb.org/38556

[Exploit] http://www.securityfocus.com/bid/25864

Scores

EPSS 0.0174

EPSS Percentile 82.6%

Details

CWE

CWE-89

Status published

Products (1)

maxdev/mdpro 1.0.76

Published Oct 05, 2007

Tracked Since Feb 18, 2026