DescriptionSQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
|National Vulnerability Database|
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Tumbleweed|| ||Patchnames: |
openSUSE Tumbleweed GA proftpd-1.3.5b-2.5
SUSE Timeline for this CVECVE page created: Fri Jun 28 03:29:31 2013
CVE page last modified: Fri Oct 7 12:45:45 2022