mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated malicious users to gain privileges of other users.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
proftpd project proftpd |