CVE-2010-4652

2011-02-01T20:00:04
ID CVE-2010-4652
Type cve
Reporter NVD
Modified 2011-03-17T22:56:01

Description

Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.