CVE-2005-2887

Name of the Vulnerable Software and Affected Versions MAXdev MD-Pro versions 1.0.73 and earlier

Description The issue allows remote attackers to obtain sensitive information via a direct request to various endpoints, including "wiki.php", "AutoTheme directory", "Blocks directory", "admin.php", "pnadmin.php", or "Topics directory". These requests can reveal the path in an error message, potentially exposing sensitive information.

Recommendations For MAXdev MD-Pro versions 1.0.73 and earlier, consider restricting access to the sensitive endpoints, such as "wiki.php", "AutoTheme directory", "Blocks directory", "admin.php", "pnadmin.php", or "Topics directory", to minimize the risk of exploitation. As a temporary workaround, disable error messages that reveal sensitive path information until a patch is available.