SQL Injection Vulnerabilities in Xlight FTP Server by Xlight
CVE-2009-4795

Currently unrated

Key Information:

Vendor

Xlightftpd

Status
Xlight Ftp Server
Vendor
CVE Published:
22 April 2010

What is CVE-2009-4795?

Multiple SQL injection vulnerabilities exist in Xlight FTP Server prior to version 3.2.1, specifically when ODBC authentication is enabled. These security flaws allow remote attackers to execute arbitrary SQL commands by manipulating the USER (username) or PASS (password) commands. This could lead to unauthorized access or compromise of the database underlying the server, posing a significant risk to data integrity and system security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.xlightftpd.com/forum/viewtopic.php?t=1042
x_refsource_MISC
http://www.securityfocus.com/bid/34288
vdb-entryx_refsource_BID
http://www.xlightftpd.com/whatsnew.htm
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.