Lucene search

K
nvd[email protected]NVD:CVE-2009-4795
HistoryApr 22, 2010 - 2:30 p.m.

CVE-2009-4795

2010-04-2214:30:00
CWE-89
web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.7

Confidence

Low

EPSS

0.001

Percentile

38.6%

Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command.

Affected configurations

NVD
Node
xlightftpdxlight_ftp_serverRange3.2
OR
xlightftpdxlight_ftp_serverMatch1.60
OR
xlightftpdxlight_ftp_serverMatch1.61
OR
xlightftpdxlight_ftp_serverMatch1.62
OR
xlightftpdxlight_ftp_serverMatch1.62a
OR
xlightftpdxlight_ftp_serverMatch1.64
OR
xlightftpdxlight_ftp_serverMatch1.65
OR
xlightftpdxlight_ftp_serverMatch2.0
OR
xlightftpdxlight_ftp_serverMatch2.01
OR
xlightftpdxlight_ftp_serverMatch2.1
OR
xlightftpdxlight_ftp_serverMatch2.2
OR
xlightftpdxlight_ftp_serverMatch2.02
OR
xlightftpdxlight_ftp_serverMatch2.03
OR
xlightftpdxlight_ftp_serverMatch2.8
OR
xlightftpdxlight_ftp_serverMatch2.24
OR
xlightftpdxlight_ftp_serverMatch2.27
OR
xlightftpdxlight_ftp_serverMatch2.40
OR
xlightftpdxlight_ftp_serverMatch2.60
OR
xlightftpdxlight_ftp_serverMatch2.70
OR
xlightftpdxlight_ftp_serverMatch2.72
OR
xlightftpdxlight_ftp_serverMatch2.82
OR
xlightftpdxlight_ftp_serverMatch2.83
OR
xlightftpdxlight_ftp_serverMatch2.85
OR
xlightftpdxlight_ftp_serverMatch2.86
OR
xlightftpdxlight_ftp_serverMatch2.706
OR
xlightftpdxlight_ftp_serverMatch2.835
OR
xlightftpdxlight_ftp_serverMatch2.861
OR
xlightftpdxlight_ftp_serverMatch3.0
OR
xlightftpdxlight_ftp_serverMatch3.0.5
OR
xlightftpdxlight_ftp_serverMatch3.1
OR
xlightftpdxlight_ftp_serverMatch3.1.1
OR
xlightftpdxlight_ftp_serverMatch3.1.5
OR
xlightftpdxlight_ftp_serverMatch3.1.6

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.7

Confidence

Low

EPSS

0.001

Percentile

38.6%

Related for NVD:CVE-2009-4795