Vulnerabilities > Proftpd Project > Proftpd > 1.3.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-02-12 | CVE-2009-0542 | SQL Injection vulnerability in Proftpd Project Proftpd 1.3.1/1.3.2/1.3.2Rc2 SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql. | 7.5 |
2008-09-25 | CVE-2008-4242 | Cross-Site Request Forgery (CSRF) vulnerability in Proftpd Project Proftpd 1.3.1 ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser. | 6.8 |