CVE-2009-0542
proftpd-dfsg - SQL injection vulnerabilities
EPSS 58.5%
Description
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
How to fix CVE-2009-0542
To remediate CVE-2009-0542, upgrade the affected package to one of the fixed versions listed below.
- Debian/proftpd-dfsg—upgrade to 1.3.2-1 or later
- Debian/proftpd-dfsg—upgrade to 1.3.1-17lenny1 or later
- Debian/proftpd-dfsg—upgrade to 1.3.1-17lenny2 or later
Is CVE-2009-0542 being exploited?
Likely — EPSS is 58.5%, placing CVE-2009-0542 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (3)
- from 0, < 1.3.2-1
- from 0, < 1.3.1-17lenny1
- from 0, < 1.3.1-17lenny2
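The ranges above can be checked mechanically. The following is an added example, not code from the advisory, ProFTPD or Debian: it implements dpkg's version-ordering rules in Python and reports which of the listed fixed versions an installed proftpd-dfsg version is still below. It assumes the three entries belong to different Debian branches, so only the entry for the branch actually installed is decisive.

```python
# Added example (not advisory, ProFTPD or Debian code): check whether an
# installed proftpd-dfsg version is still below one of the fixed versions
# listed above, following dpkg's version-ordering rules.
FIXED_VERSIONS = ["1.3.2-1", "1.3.1-17lenny1", "1.3.1-17lenny2"]

def _order(c):
    # dpkg weight: end-of-run 0, '~' before everything, then letters, then other symbols
    return 0 if c == "" else -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):
    # dpkg's verrevcmp(): alternate non-digit runs (via _order) and numeric runs.
    ia = ib = 0
    while ia < len(a) or ib < len(b):
        while (ia < len(a) and not a[ia].isdigit()) or (ib < len(b) and not b[ib].isdigit()):
            ca = a[ia] if ia < len(a) and not a[ia].isdigit() else ""
            cb = b[ib] if ib < len(b) and not b[ib].isdigit() else ""
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
            ia, ib = ia + 1, ib + 1   # only reached when both are real characters
        da = db = ""
        while ia < len(a) and a[ia].isdigit():
            da, ia = da + a[ia], ia + 1
        while ib < len(b) and b[ib].isdigit():
            db, ib = db + b[ib], ib + 1
        na, nb = int(da or "0"), int(db or "0")
        if na != nb:
            return -1 if na < nb else 1
    return 0

def compare_versions(v1, v2):
    # Compare Debian versions: epoch first, then upstream part, then revision.
    def parts(v):
        epoch, sep, rest = v.partition(":")
        if not sep:
            epoch, rest = "0", v
        upstream, sep, revision = rest.rpartition("-")
        if not sep:  # no Debian revision present
            upstream, revision = rest, ""
        return int(epoch), upstream, revision
    e1, u1, r1 = parts(v1)
    e2, u2, r2 = parts(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_fragment(u1, u2) or _cmp_fragment(r1, r2)

def fixed_versions_not_reached(installed):
    # Fixed versions the installed one is still older than. The three fixes
    # belong to different Debian branches, so only the branch's own entry counts.
    return [f for f in FIXED_VERSIONS if compare_versions(installed, f) < 0]
```

Feed it the output of `dpkg-query -W -f='${Version}' proftpd-dfsg`; an empty list means the installed version is at or past every listed fix.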