CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2007-1073

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0780%
EPSS Percentile12.77th
Published2007年2月22日
Last Modified2026年4月23日

Vulnerability Description

Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php.

Affected Platforms (CPE)

📦
Mcrefer

Mcrefer

All versions

References & Advisories

🔗 http://osvdb.org/42619
🔗 http://securityreason.com/securityalert/2283
🔗 http://www.securityfocus.com/archive/1/459796/100/200/threaded
🔗 http://osvdb.org/42619
🔗 http://securityreason.com/securityalert/2283
🔗 http://www.securityfocus.com/archive/1/459796/100/200/threaded

相關漏洞威脅

CVE-2007-08757.5

SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified ve...

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...

CVE-2007-005710.0

Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a sh...

CVE-2007-010010.0

The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows r...