CVE-2007-1073

Name of the Vulnerable Software and Affected Versions: mcRefer (affected versions not specified)

Description: A static code injection issue exists, allowing remote attackers to execute arbitrary PHP code. This is achieved via the bgcolor parameter in install.php, which is then inserted into mcrconf.inc.php.

Recommendations: For mcRefer, consider restricting access to the install.php file and avoid using the bgcolor parameter until a fix is available. As a temporary workaround, restrict write access to mcrconf.inc.php to minimize the risk of exploitation.