CVE-2009-0542

EPSS 58.5%

proftpd-dfsg - SQL injection vulnerabilites

Published: 2/12/2009Modified: 4/28/2026

Also known as:DEBIAN-CVE-2009-0542

Description

SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.

Affected packages (3)

Debian/proftpd-dfsgfrom 0, < 1.3.2-1
Debian/proftpd-dfsgfrom 0, < 1.3.1-17lenny1
Debian/proftpd-dfsgfrom 0, < 1.3.1-17lenny2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-0542