760
VMScore

CVE-2009-0542

Published: 12/02/2009 Updated: 11/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote malicious users to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.

Affected Products

Vendor Product Versions
Proftpd ProjectProftpd1.3.1, 1.3.2, 1.3.2 Rc2

Vendor Advisories

Debian Bug report logs - #516388 proftpd: Several SQL injection vulnerabilities Package: proftpd; Maintainer for proftpd is (unknown); Reported by: Steffen Joeris <steffenjoeris@skolelinuxde> Date: Sat, 21 Feb 2009 05:24:01 UTC Severity: grave Tags: security Fixed in version proftpd-dfsg/132-1 Done: "Francesco P Lov ...
Two SQL injection vulnerabilities have been found in proftpd, a virtual-hosting FTP daemon The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0542 Shino discovered that proftpd is prone to an SQL injection vulnerability via the use of certain characters in the username CVE-2009-0543 TJ Saunde ...
The security update for proftpd-dfsg in DSA-1727-1 caused a regression with the postgresql backend This update corrects the flaw Also it was discovered that the oldstable distribution (etch) is not affected by the security issues For reference the original advisory follows Two SQL injection vulnerabilities have been found in proftpd, a virtual- ...

Exploits

source: wwwsecurityfocuscom/bid/33722/info ProFTPD is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query Exploiting this issue could allow an attacker to manipulate SQL queries, modify data, or exploit latent vulnerabilities in the underlying database Thi ...
Just found out a problem with proftpd's sql authentication The problem is easily reproducible if you login with username like: USER %') and 1=2 union select 1,1,uid,gid,homedir,shell from users; -- and a password of "1" (without quotes) which leads to a successful login Different account logins can be made successful using the limit clase (e ...