Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0500

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2003-0500
Last Modified 05 Sep 2008 04:34:28
Published 07 Aug 2003 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0500

Summary

SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.

Vulnerable Systems

Application

  • Proftpd Project Proftpd 1.2.9 Rc1


References

DEBIAN - DSA-338

FULLDISC - 20030618 SQL Inject in ProFTPD login against Postgresql using mod_sql


Last Updated: 27 May 2016 10:37:56