CyberSec.Space Logo
Back to CVE Browser

CVE-2007-1073

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0780%
EPSS Percentile12.77th
PublishedFeb 22, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php.

Affected Platforms (CPE)

πŸ“¦
Mcrefer

Mcrefer

All versions

References & Advisories

πŸ”— http://osvdb.org/42619
πŸ”— http://securityreason.com/securityalert/2283
πŸ”— http://www.securityfocus.com/archive/1/459796/100/200/threaded
πŸ”— http://osvdb.org/42619
πŸ”— http://securityreason.com/securityalert/2283
πŸ”— http://www.securityfocus.com/archive/1/459796/100/200/threaded

Related Vulnerabilities

CVE-2007-08757.5

SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified ve...

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...

CVE-2007-158710.0

templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the...

CVE-2007-182310.0

T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling N...