RSS   Vulnerabilities for 'Mcrefer'   RSS

2007-02-22
 
CVE-2007-1073

CWE-Other
 

 
Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php.

 
2007-02-12
 
CVE-2007-0875

CWE-89
 

 
** DISPUTED ** SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database.

 


Copyright 2024, cxsecurity.com

 

Back to Top