SQL Injection Vulnerabilities in Xlight FTP Server by Xlight
CVE-2009-4795
Currently unrated
What is CVE-2009-4795?
Multiple SQL injection vulnerabilities exist in Xlight FTP Server prior to version 3.2.1, specifically when ODBC authentication is enabled. These security flaws allow remote attackers to execute arbitrary SQL commands by manipulating the USER (username) or PASS (password) commands. This could lead to unauthorized access or compromise of the database underlying the server, posing a significant risk to data integrity and system security.
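The flaw class described above, shown as an added example that is not Xlight's code: an FTP USER/PASS handler that splices the command arguments into its lookup query, next to the parameterized form. The advisory does not show the server's actual query, so sqlite3 stands in for the ODBC data source, and the table, column and function names are assumptions.

```python
import hashlib
import hmac
import sqlite3

def make_db():
    # sqlite3 stands in for the ODBC source; the schema is an assumption.
    # Unsalted SHA-256 is used only to keep the sample short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ftp_users (username TEXT PRIMARY KEY, pw_sha256 TEXT)")
    db.execute("INSERT INTO ftp_users VALUES (?, ?)",
               ("alice", hashlib.sha256(b"correct horse").hexdigest()))
    return db

def auth_concatenated(db, user, password):
    """Vulnerable pattern: USER/PASS arguments become part of the SQL text."""
    digest = hashlib.sha256(password.encode()).hexdigest()
    sql = ("SELECT username FROM ftp_users WHERE username = '" + user +
           "' AND pw_sha256 = '" + digest + "'")
    return db.execute(sql).fetchone() is not None

def auth_parameterized(db, user, password):
    """Hardened pattern: the argument is bound as data and never parsed as SQL."""
    row = db.execute("SELECT pw_sha256 FROM ftp_users WHERE username = ?",
                     (user,)).fetchone()
    if row is None:
        return False
    digest = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(row[0], digest)

def login(db, lines, authenticate):
    """Minimal USER/PASS state machine over raw FTP command lines."""
    user = None
    for line in lines:
        verb, _, arg = line.rstrip("\r\n").partition(" ")
        if verb.upper() == "USER":
            user = arg
        elif verb.upper() == "PASS" and user is not None:
            return authenticate(db, user, arg)
    return False

# Constructed sessions: CRAFTED puts a quote and a comment marker in USER.
LEGIT = ["USER alice\r\n", "PASS correct horse\r\n"]
CRAFTED = ["USER alice' --\r\n", "PASS anything\r\n"]

if __name__ == "__main__":
    for name, fn in (("concatenated", auth_concatenated),
                     ("parameterized", auth_parameterized)):
        print(name, login(make_db(), LEGIT, fn), login(make_db(), CRAFTED, fn))
```

With the concatenated query the crafted session authenticates without the password, because the quote closes the string literal and the rest of the statement is commented out; the parameterized query treats the same bytes as a username that does not exist.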
