CVE-2001-0425

AdCycle 0.78b - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0425. PoCs published by Neil K.

AI-analyzed exploit summary This exploit targets an authentication bypass vulnerability in Adcycle v0.78b by crafting a malicious HTTP POST request to adcenter.cgi. It leverages improper session handling to execute arbitrary commands as an already logged-in admin user.

Description

AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileges to AdCycle via a malformed Agent: header in the HTTP request, which is inserted into a resulting SQL query that is used to verify login information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Neil K · perlremotecgi
https://www.exploit-db.com/exploits/20642

This exploit targets an authentication bypass vulnerability in Adcycle v0.78b by crafting a malicious HTTP POST request to adcenter.cgi. It leverages improper session handling to execute arbitrary commands as an already logged-in admin user.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Adcycle v0.78b
No auth needed
Prerequisites: Adcycle v0.78b installed · Admin user must be logged in or have an active session
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2393
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/163942

Scores

EPSS 0.0240
EPSS Percentile 81.9%

Details

Status published
Products (2)
adcycle/adcycle 0.77
adcycle/adcycle 0.78b
Published Jun 27, 2001
Tracked Since Feb 18, 2026