Vulnerability Description
CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maxdev | Md-Pro | <= 1.0.76 |
References
- http://secunia.com/advisories/22564ExploitVendor Advisory
- http://www.securityfocus.com/bid/20754
- http://www.vupen.com/english/advisories/2006/4195
- http://secunia.com/advisories/22564ExploitVendor Advisory
- http://www.securityfocus.com/bid/20754
- http://www.vupen.com/english/advisories/2006/4195
FAQ
What is CVE-2006-5565?
CVE-2006-5565 is a vulnerability with a CVSS score of 5.0 (MEDIUM). CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) ...
How severe is CVE-2006-5565?
CVE-2006-5565 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5565?
Check the references section above for vendor advisories and patch information. Affected products include: Maxdev Md-Pro.