CVE-2007-1073 Information

Description

Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter which is inserted into mcrconf.inc.php.

Reference

http://osvdb.org/42619 http://securityreason.com/securityalert/2283 http://www.securityfocus.com/archive/1/459796/100/200/threaded