Описание
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 1.3.2c-1 |
| gutsy | ignored | end of life, was needed |
| hardy | ignored | end of life |
| intrepid | ignored | end of life, was needed |
| jaunty | ignored | end of life |
| karmic | not-affected | 1.3.2-3 |
| lucid | not-affected | 1.3.2c-1 |
| maverick | not-affected | 1.3.2c-1 |
| natty | not-affected | 1.3.2c-1 |
Показывать по
Ссылки на источники
7.5 High
CVSS2
Связанные уязвимости
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 a ...
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
7.5 High
CVSS2