Lucene search
McreferMcrefer
2 matches found
CVE-2007-1073
Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php.
10CVSS7.8AI score0.0098EPSS
CVE-2007-0875
SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database
7.5CVSS8.2AI score0.00823EPSS