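Aggregated CVE and security vulnerability intelligence for all refbase-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues are often related to cross-site scripting, SQL injection, and CSRF, and may create exposure risks such as session hijacking and data leakage in production workloads and software deployments.
The vulnerability data comes mainly from public vulnerability disclosures and security advisories, and can be used to assess historical vulnerability exposure and remediation priority.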
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2015-7383 | Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge through 2015-04-28 allow remote attackers to inject arbitrary web script or HTML via the (1) adminUserName, (2) pathToMYSQL, (3) databaseStructureFile, or (4) pathToBibutils parameter to install.php or the (5) adminUserName parameter to update.php. | [email protected] | 4.3 | 1.17% | 2015-09-28 | 2026-05-06 |
| CVE-2015-7382 | SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009. | [email protected] | 7.5 | 1.47% | 2015-09-28 | 2026-05-06 |
| CVE-2015-7381 | Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or (2) databaseStructureFile parameter, a different issue than CVE-2015-6008. | [email protected] | 7.5 | 3.20% | 2015-09-28 | 2026-05-06 |
| CVE-2015-6012 | Multiple open redirect vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the referrer parameter. | [email protected] | 5.8 | 1.18% | 2015-09-28 | 2026-05-06 |
| CVE-2015-6011 | Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allows remote attackers to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the stylesheet parameter to sru.php. | [email protected] | 5.0 | 1.23% | 2015-09-28 | 2026-05-06 |
| CVE-2015-6010 | Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to inject arbitrary web script or HTML via the (1) errorNo or (2) errorMsg parameter to error.php; the (3) viewType parameter to duplicate_manager.php; the (4) queryAction, (5) displayType, (6) citeOrder, (7) sqlQuery, (8) showQuery, (9) showLinks, (10) showRows, or (11) queryID parameter to query_manager.php; the (12) sourceText or | [email protected] | 4.3 | 1.17% | 2015-09-28 | 2026-05-06 |
| CVE-2015-6009 | Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382. | [email protected] | 7.5 | 1.53% | 2015-09-28 | 2026-05-06 |
| CVE-2015-6008 | install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381. | [email protected] | 7.5 | 4.82% | 2015-09-28 | 2026-05-06 |
| CVE-2015-6007 | Cross-site request forgery (CSRF) vulnerability in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to hijack the authentication of arbitrary users. | [email protected] | 6.8 | 0.66% | 2015-09-28 | 2026-05-06 |
| CVE-2008-6400 | Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allows remote attackers to inject arbitrary web script or HTML via the headerMsg parameter to (1) show.php and (2) search.php. NOTE: some of these details are obtained from third party information. | [email protected] | 4.3 | 1.03% | 2009-03-05 | 2026-04-23 |