CVE-2009-0543

Critical

Description

ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.

References

http://www.openwall.com/lists/oss-security/2009/02/11/5

http://www.openwall.com/lists/oss-security/2009/02/11/4

http://www.mandriva.com/security/advisories?name=MDVSA-2009:061

http://www.debian.org/security/2009/dsa-1730

http://security.gentoo.org/glsa/glsa-200903-27.xml

http://secunia.com/advisories/34268

http://bugs.proftpd.org/show_bug.cgi?id=3173

Details

Source: Mitre, NVD

Published: 2009-02-12

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical