VYPR

Mcrefer

by Mcrefer

CVEs (2)

  • CVE-2007-1073Feb 22, 2007
    risk 0.00cvss epss 0.02

    Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php.

  • CVE-2007-0875Feb 12, 2007
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database