CVE-2007-0875

Опубликовано: 12 фев. 2007

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database

Ссылки

http://forums.avenir-geopolitique.net/viewtopic.php?t=2642
Exploit
http://osvdb.org/33675
http://securityreason.com/securityalert/2235
http://www.securityfocus.com/archive/1/459649/100/0/threaded
http://www.securityfocus.com/archive/1/459796/100/200/threaded
http://www.securityfocus.com/bid/22507
http://forums.avenir-geopolitique.net/viewtopic.php?t=2642
Exploit
http://osvdb.org/33675
http://securityreason.com/securityalert/2235
http://www.securityfocus.com/archive/1/459649/100/0/threaded
http://www.securityfocus.com/archive/1/459796/100/200/threaded
http://www.securityfocus.com/bid/22507

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mcrefer:mcrefer:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01077

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-qv8q-9rhq-hhv2

github

почти 4 года назад

** DISPUTED ** SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database.