CVE-2009-4795

2010-04-2214:00:00

mitre

www.cve.org

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.6%

JSON

Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command.

References

secunia.com/advisories/34513

www.securityfocus.com/bid/34288

www.xlightftpd.com/forum/viewtopic.php?t=1042

www.xlightftpd.com/whatsnew.htm

exchange.xforce.ibmcloud.com/vulnerabilities/49495