Adcycle: Security Vulnerabilities
AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database.
CVSS Score
5.0
EPSS Score
0.006
Published
2001-12-25
AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.
CVSS Score
10.0
EPSS Score
0.005
Published
2001-07-13
AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileges to AdCycle via a malformed Agent: header in the HTTP request, which is inserted into a resulting SQL query that is used to verify login information.
CVSS Score
7.5
EPSS Score
0.024
Published
2001-06-27
The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases.
CVSS Score
7.5
EPSS Score
0.007
Published
2001-01-09