CVE-2007-1073
Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php.
Date published : 2007-02-22
http://www.securityfocus.com/archive/1/459796/100/200/threaded