VYPR
Unrated severityNVD Advisory· Published Apr 11, 2006· Updated Jun 16, 2026

CVE-2006-1676

CVE-2006-1676

Description

SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a display action, which is not properly handled in PNuserapi.PHP.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Maxdev/Mdpro4 versions
    cpe:2.3:a:maxdev:md-pro:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:maxdev:md-pro:*:*:*:*:*:*:*:*range: <=1.0.75
    • cpe:2.3:a:maxdev:md-pro:1.0.72:*:*:*:*:*:*:*
    • cpe:2.3:a:maxdev:md-pro:1.0.73:*:*:*:*:*:*:*
    • (no CPE)range: <1.076

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.