Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a display action, which is not properly handled in PNuserapi.PHP.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MAXDEV MDPro PNuserapi.PHP SQL注入漏洞
Vulnerability Description
MAXdev MDPro 1.0.73 ,1.0.72及其它1.076之前的可能版本中的Topics模块中display函数存在SQL注入漏洞。这使得远程攻击者可以借助于topicid参数(该参数在PNuserapi.PHP中没有得到正确地处理)执行任意SQL命令。
CVSS Information
N/A
Vulnerability Type
N/A