McreferCVEs & Vulnerabilities
2 CVEs affecting Mcrefer products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.
2 CVEs→ All vendors
Most Affected Products
mcrefer 2
CVE-2007-1073CRITICAL
Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php.
23 Feb 2007
10.0
CVSS
CVE-2007-0875HIGH
SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database
12 Feb 2007
7.5
CVSS
← PrevPage 1 / 1Next →