CVE-2006-7112

Name of the Vulnerable Software and Affected Versions MD-Pro versions 1.0.76 and earlier

Description The issue allows remote authenticated users to read and include arbitrary files via the PNSVlang cookie. This can be exploited by uploading a malicious file, such as a GIF image, using AddDownload, or by injecting PHP code into a log file and then accessing it.

Recommendations For MD-Pro versions 1.0.76 and earlier, as a temporary workaround, consider restricting access to the error.php file and the PNSVlang cookie to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.