SQL Injection Flaw in ProFTPD Server by ProFTPD
CVE-2009-0542

Currently unrated

Key Information:

Vendor

Proftpd Project

Status
Proftpd
Vendor
CVE Published:
12 February 2009

What is CVE-2009-0542?

The ProFTPD Server versions 1.3.1 through 1.3.2rc2 are subject to an SQL injection vulnerability that enables remote attackers to exploit the system by sending specially crafted usernames. This injection leverages the '%' character, which manipulates the username input to include a single quote, leading to arbitrary SQL command execution through mod_sql. This issue poses significant security risks for server integrity and data confidentiality.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.debian.org/security/2009/dsa-1730
vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/archive/1/500833/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.openwall.com/lists/oss-security/2009/02/11/5
mailing-listx_refsource_MLIST

EPSS Score

58% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.