CVE-2007-0624 Information

Description

user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ’ (quote) character and possibly other invalid values in the uname parameter in a userinfo operation.

Reference

http://osvdb.org/33613 http://securityreason.com/securityalert/2198 http://www.securityfocus.com/archive/1/458438/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/31898