CyberSec.Space Logo
Back to CVE Browser

CVE-2003-0500

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1790%
EPSS Percentile9.63th
PublishedAug 7, 2003
Last ModifiedApr 16, 2026

Vulnerability Description

SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.

Affected Platforms (CPE)

πŸ“¦
Proftpd Project

Proftpd

= 1.2.9_rc1

References & Advisories

πŸ”— http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005826.html
πŸ”— http://www.debian.org/security/2003/dsa-338
πŸ”— http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005826.html
πŸ”— http://www.debian.org/security/2003/dsa-338

Related Vulnerabilities

CVE-2006-581510.0

Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated,...

CVE-1999-036810.0

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

CVE-1999-091110.0

Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands...

CVE-2010-422110.0

Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attack...