CVE-2009-4795

Опубликовано: 22 апр. 2010

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command.

Ссылки

http://secunia.com/advisories/34513
Vendor Advisory
http://www.securityfocus.com/bid/34288
Exploit
Patch
http://www.xlightftpd.com/forum/viewtopic.php?t=1042
Exploit
http://www.xlightftpd.com/whatsnew.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/49495
http://secunia.com/advisories/34513
Vendor Advisory
http://www.securityfocus.com/bid/34288
Exploit
Patch
http://www.xlightftpd.com/forum/viewtopic.php?t=1042
Exploit
http://www.xlightftpd.com/whatsnew.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/49495

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:xlightftpd:xlight_ftp_server:*:*:*:*:*:*:*:*

Версия до 3.2 (включая)

cpe:2.3:a:xlightftpd:xlight_ftp_server:1.60:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:1.61:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:1.62:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:1.62a:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:1.64:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:1.65:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:2.0:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:2.01:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:2.1:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:2.2:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:2.02:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:2.03:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:2.8:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:2.24:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:2.27:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:2.40:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:2.60:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:2.70:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:2.72:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:2.82:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:2.83:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:2.85:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:2.86:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:2.706:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:2.835:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:2.861:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:3.0:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:3.1:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:3.1.5:*:*:*:*:*:*:*

cpe:2.3:a:xlightftpd:xlight_ftp_server:3.1.6:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00174

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-4m4q-9cc6-g4mh

github

почти 4 года назад