SQL Injection Vulnerability in ProFTPD's PostgreSQL Authentication Module
CVE-2003-0500

Currently unrated

Key Information:

Vendor: Proftpd Project
Status: Proftpd
Vendor: CVE Published:; 7 August 2003

🔔 Create Proftpd Project Vulnerability Alert

What is CVE-2003-0500?

A SQL injection vulnerability exists in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD versions prior to 1.2.9rc1. This flaw allows remote attackers to exploit the authentication mechanism by crafting malicious USER names, potentially executing arbitrary SQL commands. The exploitation can lead to unauthorized privilege escalation or theft of sensitive information, such as user credentials, thus undermining the integrity and security of the affected systems.

References

http://lists.grok.org.uk/pipermail/full-disclosure/2003-J...

mailing-listx_refsource_FULLDISC

http://www.debian.org/security/2003/dsa-338

vendor-advisoryx_refsource_DEBIAN

Timeline

Vulnerability published
Aug 7, 2003
Vulnerability Reserved
Jun 30, 2003

JSON