CVE-2009-0542
Published: Feb 12, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
DSA-1730
vendor-advisory
x_refsource_DEBIAN
20090210 Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
mailing-list
x_refsource_BUGTRAQ
[oss-security] 20090211 Re: CVE request for proftpd
mailing-list
x_refsource_MLIST
http://bugs.proftpd.org/show_bug.cgi?id=3180
x_refsource_CONFIRM
[oss-security] 20090211 Re: CVE request for proftpd
mailing-list
x_refsource_MLIST
34268
third-party-advisory
x_refsource_SECUNIA
MDVSA-2009:061
vendor-advisory
x_refsource_MANDRIVA
20090211 Re: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
mailing-list
x_refsource_BUGTRAQ
20090210 ProFTPd with mod_mysql Authentication Bypass Exploit
mailing-list
x_refsource_BUGTRAQ
[oss-security] 20090211 CVE request for proftpd
mailing-list
x_refsource_MLIST
GLSA-200903-27
vendor-advisory
x_refsource_GENTOO
8037
exploit
x_refsource_EXPLOIT-DB
20090210 Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
mailing-list
x_refsource_BUGTRAQ