9.4 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
38.6%
Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command.
secunia.com/advisories/34513
www.securityfocus.com/bid/34288
www.xlightftpd.com/forum/viewtopic.php?t=1042
www.xlightftpd.com/whatsnew.htm
exchange.xforce.ibmcloud.com/vulnerabilities/49495