彙總 refbase 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 跨站腳本、SQL 注入與CSRF 相關,可能在 生產負載與軟體部署 場景中帶來 工作階段劫持與資料外洩 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2015-7383 | Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge through 2015-04-28 allow remote attackers to inject arbitrary web script or HTML via the (1) adminUserName, (2) pathToMYSQL, (3) databaseStructureFile, or (4) pathToBibutils parameter to install.php or the (5) adminUserName parameter to update.php. | [email protected] | 4.3 | 0.91% | 2015-09-28 | 2026-05-06 |
| CVE-2015-7382 | SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009. | [email protected] | 7.5 | 3.62% | 2015-09-28 | 2026-05-06 |
| CVE-2015-7381 | Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or (2) databaseStructureFile parameter, a different issue than CVE-2015-6008. | [email protected] | 7.5 | 6.15% | 2015-09-28 | 2026-05-06 |
| CVE-2015-6012 | Multiple open redirect vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the referrer parameter. | [email protected] | 5.8 | 0.50% | 2015-09-28 | 2026-05-06 |
| CVE-2015-6011 | Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allows remote attackers to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the stylesheet parameter to sru.php. | [email protected] | 5.0 | 0.93% | 2015-09-28 | 2026-05-06 |
| CVE-2015-6010 | Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to inject arbitrary web script or HTML via the (1) errorNo or (2) errorMsg parameter to error.php; the (3) viewType parameter to duplicate_manager.php; the (4) queryAction, (5) displayType, (6) citeOrder, (7) sqlQuery, (8) showQuery, (9) showLinks, (10) showRows, or (11) queryID parameter to query_manager.php; the (12) sourceText or | [email protected] | 4.3 | 0.91% | 2015-09-28 | 2026-05-06 |
| CVE-2015-6009 | Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382. | [email protected] | 7.5 | 3.62% | 2015-09-28 | 2026-05-06 |
| CVE-2015-6008 | install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381. | [email protected] | 7.5 | 7.55% | 2015-09-28 | 2026-05-06 |
| CVE-2015-6007 | Cross-site request forgery (CSRF) vulnerability in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to hijack the authentication of arbitrary users. | [email protected] | 6.8 | 0.10% | 2015-09-28 | 2026-05-06 |
| CVE-2008-6400 | Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allows remote attackers to inject arbitrary web script or HTML via the headerMsg parameter to (1) show.php and (2) search.php. NOTE: some of these details are obtained from third party information. | [email protected] | 4.3 | 0.29% | 2009-03-05 | 2026-04-23 |