cpe:/a:mcrefer:mcrefer:1.0 CVE-2007-0875 2007-02-12T14:28:00.000-05:00 2008-11-15T00:00:00.000-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-02-13T09:11:00.000-05:00 BUGTRAQ 20070209 mcRefer SQL injection BUGTRAQ 20070211 Re: mcRefer SQL injection SREASON 2235 BID 22507 OSVDB 33675 MISC http://forums.avenir-geopolitique.net/viewtopic.php?t=2642 ** DISPUTED ** SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database.