user.php in MAXdev MDPro 1.0.76 allows remote malicious users to obtain the full path via a ' (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
maxdev mdpro 1.0.76 |