Vulnerabilities > CVE-2001-1224 - SQL Injection vulnerability in LES Vanbrunt Adrotate PRO 2.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

les-vanbrunt

NVD

Published: 2001-12-23

Updated: 2008-09-05

Summary

get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows remote attackers to modify the database and possibly execute arbitrary commands via a SQL code injection attack.

Vulnerable Configurations

Part	Description	Count
Application	Les_Vanbrunt LES Vanbrunt Adrotate PRO 2.0	1

References

http://www.iss.net/security_center/static/7736.php
http://www.securityfocus.com/archive/1/246994
http://www.securityfocus.com/bid/3739