CVE-2009-0542
Published: 12 February 2009
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
Priority
Status
Package | Release | Status |
---|---|---|
proftpd-dfsg Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Ignored
(end of life, was needed)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Not vulnerable
(1.3.2-3)
|
|
lucid |
Not vulnerable
(1.3.2c-1)
|
|
maverick |
Not vulnerable
(1.3.2c-1)
|
|
natty |
Not vulnerable
(1.3.2c-1)
|
|
oneiric |
Not vulnerable
(1.3.2c-1)
|
|
upstream |
Released
(1.3.2)
|