Lucene search
K

4 matches found

OSV
OSV
added 2026/05/03 9:56 a.m.8 views

OESA-2026-2159 proftpd security update

ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...

8.1CVSS6.3AI score0.05004EPSS
Exploits6References2
NVD
NVD
added 2026/04/28 11:16 p.m.6 views

CVE-2026-42167

modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...

8.1CVSS0.05004EPSS
Exploits6References7
CVE
CVE
added 2026/04/28 12:0 a.m.205 views

CVE-2026-42167

CVE-2026-42167 : A logic flaw in ProFTPD (mod_sql) allows unauthenticated SQL injection via logging of USER (e.g., %U). The root cause is a faulty is_escaped_text() heuristic in contrib/mod_sql.c that may treat attacker-controlled input as already escaped, leading to raw injection into SQL and po...

8.1CVSS6.3AI score0.05004EPSS
In wildExploits6References7
Vulnrichment
Vulnrichment
added 2026/04/28 12:0 a.m.5 views

CVE-2026-42167

modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...

8.1CVSS6.3AI score0.05004EPSS
Exploits6References5
Rows per page
Query Builder