CVE-2009-4795

2010-04-2214:00:00

mitre

www.cve.org

AI Score

8.7

Confidence

Low

EPSS

0.001

Percentile

38.6%

JSON

Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command.

References

secunia.com/advisories/34513

www.securityfocus.com/bid/34288

www.xlightftpd.com/forum/viewtopic.php?t=1042

www.xlightftpd.com/whatsnew.htm

exchange.xforce.ibmcloud.com/vulnerabilities/49495