ProFTPD is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query
Exploiting this issue could allow an attacker to manipulate SQL queries, modify data, or exploit latent vulnerabilities in the underlying database Thi ...
Just found out a problem with proftpd's sql authentication The problem is easily reproducible if you login with username like:
USER %') and 1=2 union select 1,1,uid,gid,homedir,shell from users; --
and a password of "1" (without quotes)
which leads to a successful login Different account logins can be made successful using the limit clase (e ...