AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Adcycle | Adcycle | 0.77 | 0.77 |
Adcycle | Adcycle | 0.77b | 0.77b |
Adcycle | Adcycle | 0.78b | 0.78b |
Adcycle | Adcycle | 1.0 | 1.0 |
Adcycle | Adcycle | 1.12 | 1.12 |
Adcycle | Adcycle | 1.13 | 1.13 |
Adcycle | Adcycle | 1.14 | 1.14 |
Adcycle | Adcycle | 1.15 | 1.15 |