CVE-2007-5222

Name of the Vulnerable Software and Affected Versions: MAXdev MDPro (MD-Pro) version 1.0.76

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by including a specific substring in the Referer HTTP header. The Firefox ID= substring is used to inject SQL commands.

Recommendations: For MAXdev MDPro (MD-Pro) version 1.0.76, consider restricting access to the index.php file to minimize the risk of exploitation. Avoid using the Referer HTTP header with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.