OpenCVE

AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Adcycle	Adcycle

Configuration 1 [-]

OR	cpe:2.3:a:adcycle:adcycle:1.12:::::::*
	cpe:2.3:a:adcycle:adcycle:1.13:::::::*
	cpe:2.3:a:adcycle:adcycle:1.14:::::::*
	cpe:2.3:a:adcycle:adcycle:1.15:::::::*
	cpe:2.3:a:adcycle:adcycle:1.16:::::::*
	cpe:2.3:a:adcycle:adcycle:1.17:::::::*

No data.

References

Link	Providers
http://www.iss.net/security_center/static/7762.php
http://www.securityfocus.com/archive/1/247126
http://www.securityfocus.com/bid/3741

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-03-15T05:00:00

Updated: 2024-08-08T04:51:07.103Z

Reserved: 2002-03-15T00:00:00

Link: CVE-2001-1226

Vulnrichment

No data.

NVD

Status : Modified

Published: 2001-12-25T05:00:00.000

Modified: 2024-11-20T23:37:11.670

Link: CVE-2001-1226

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2001-12-25T00:00:00", "descriptions": [{"lang": "en", "value": "AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-03-22T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20011225 GOBBLES CGI MARATHON #002", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/247126"}, {"name": "adcycle-modify-sql-query(7762)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/7762.php"}, {"name": "3741", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3741"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1226", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20011225 GOBBLES CGI MARATHON #002", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/247126"}, {"name": "adcycle-modify-sql-query(7762)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7762.php"}, {"name": "3741", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3741"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T04:51:07.103Z"}, "title": "CVE Program Container", "references": [{"name": "20011225 GOBBLES CGI MARATHON #002", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/247126"}, {"name": "adcycle-modify-sql-query(7762)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/7762.php"}, {"name": "3741", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/3741"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1226", "datePublished": "2002-03-15T05:00:00", "dateReserved": "2002-03-15T00:00:00", "dateUpdated": "2024-08-08T04:51:07.103Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adcycle:adcycle:1.12:*:*:*:*:*:*:*", "matchCriteriaId": "51DED5F8-C6B7-4E83-99D1-68218AE93801", "vulnerable": true}, {"criteria": "cpe:2.3:a:adcycle:adcycle:1.13:*:*:*:*:*:*:*", "matchCriteriaId": "D2E40848-FA86-4A13-BA3C-9E9F73918F0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:adcycle:adcycle:1.14:*:*:*:*:*:*:*", "matchCriteriaId": "DF746F4C-CD78-4900-9734-C0D44A3241BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:adcycle:adcycle:1.15:*:*:*:*:*:*:*", "matchCriteriaId": "0760FC61-AF27-432E-9C85-84C81FED6B5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:adcycle:adcycle:1.16:*:*:*:*:*:*:*", "matchCriteriaId": "9A4CF293-B7EA-419B-BDB4-84BC4B7F5B2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:adcycle:adcycle:1.17:*:*:*:*:*:*:*", "matchCriteriaId": "C6F99172-E971-4873-BD2D-7A471F3D2E46", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database."}, {"lang": "es", "value": "AdCycle 1.17 y anteriores permite a atacantes remotos modificar consultas SQL, que no son adecuamente limpiadas antes de ser pasadas a la base de datos MySQL."}], "id": "CVE-2001-1226", "lastModified": "2024-11-20T23:37:11.670", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2001-12-25T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.iss.net/security_center/static/7762.php"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/archive/1/247126"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/bid/3741"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.iss.net/security_center/static/7762.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/archive/1/247126"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/bid/3741"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}