CVE-2009-0542

EPSS 58.5%

proftpd-dfsg - SQL injection vulnerabilites

發布日:2009/2/12修改日:2026/4/28

描述

SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.

受影響套件(3)

Debian/proftpd-dfsgfrom 0, < 1.3.2-1
Debian/proftpd-dfsgfrom 0, < 1.3.1-17lenny1
Debian/proftpd-dfsgfrom 0, < 1.3.1-17lenny2

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-0542