AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.
https://exchange.xforce.ibmcloud.com/vulnerabilities/6837
http://www.adcycle.com/cgi-bin/download.cgi?type=UNIX&version=1.17