Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0500

4 documents4 sources

Severity

10.0CRITICAL

EPSS

1.6%

top 18.54%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Proftpd Project Proftpd

Timeline

PublishedAug 7

Latest updateApr 29

Description

SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDproftpd_project/proftpd1.2.9_rc1

Patches

Patch: www.debian.org ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-wggx-8v47-w9m4: SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1↗2022-04-29

▶

CVEList

CVE-2003-0500: SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1↗2003-07-04

▶

💥Exploits & PoCs

Exploit-DB

ProFTPd 1.2.9 RC1 - 'mod_sql' SQL Injection↗2003-06-19

▶