CyberSec.Space Logo
CVEブラウザに戻る

CVE-2007-0875

HIGH
7.5
CVSS Severity Score
EPSS Score0.1580%
EPSS Percentile36.57th
Published2007年2月12日
Last Modified2026年4月23日

Vulnerability Description

SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database

Affected Platforms (CPE)

📦
Mcrefer

Mcrefer

= 1.0

References & Advisories

🔗 http://forums.avenir-geopolitique.net/viewtopic.php?t=2642
🔗 http://osvdb.org/33675
🔗 http://securityreason.com/securityalert/2235
🔗 http://www.securityfocus.com/archive/1/459649/100/0/threaded
🔗 http://www.securityfocus.com/archive/1/459796/100/200/threaded
🔗 http://www.securityfocus.com/bid/22507
🔗 http://forums.avenir-geopolitique.net/viewtopic.php?t=2642
🔗 http://osvdb.org/33675

関連する脆弱性情報

CVE-2007-107310.0

Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolo...

CVE-2007-141410.0

Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary P...

CVE-2007-141610.0

PHP remote file inclusion vulnerability in createurl.php in JCcorp (aka James Coyle) URLshrink allows remote attackers to execute ...

CVE-2007-142110.0

Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 allow remote attackers to execute arbitrary PHP code via a U...