Information disclosure in Maxdev Md-pro
CVE-2006-1677
MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to obtain the full path of the server via a direct request to includes/legacy.php.
Vulnerability class: Information Disclosure
EPSS: 0.015 (70.9th percentile) — read the EPSS interpretation.
Affected products
- Maxdev Md-pro — versions 1.0.72, 1.0.73
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, URL Repurposed)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (vdb-entry, x_refsource_VUPEN, Vendor Advisory)