Release DateJan 05, 2012 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can execute arbitrary script code in the context of the affected site. |
DescriptionThis indicates an attack attempt against an SQL Injection vulnerability in ProFTPD.The vulnerability is caused by an error when the vulnerable software handles a specially crafted username. It allows a remote attacker to execute arbitrary SQL commands. |
Affected ProductsProFTPD Project ProFTPD 1.3.2 rc2ProFTPD Project ProFTPD 1.3.1 |
Recommended ActionsUpgrade to the latest version of ProFTPD (1.3.2 or later):http://www.proftpd.org/ |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2009-0542 |
Reference/shttp://www.securityfocus.com/bid/33722 (BugTraq) |
