SQL Injection Flaw in ProFTPD Server by ProFTPD
CVE-2009-0542

Currently unrated

Key Information:

Vendor: Proftpd Project
Status: Proftpd
Vendor: CVE Published:; 12 February 2009

🔔 Create Proftpd Project Vulnerability Alert

What is CVE-2009-0542?

The ProFTPD Server versions 1.3.1 through 1.3.2rc2 are subject to an SQL injection vulnerability that enables remote attackers to exploit the system by sending specially crafted usernames. This injection leverages the '%' character, which manipulates the username input to include a single quote, leading to arbitrary SQL command execution through mod_sql. This issue poses significant security risks for server integrity and data confidentiality.

References

http://www.debian.org/security/2009/dsa-1730

vendor-advisoryx_refsource_DEBIAN

http://www.securityfocus.com/archive/1/500833/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.openwall.com/lists/oss-security/2009/02/11/5

mailing-listx_refsource_MLIST

EPSS Score

58% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 12, 2009
Vulnerability Reserved
Feb 12, 2009

JSON