CyberSec.Space Logo
返回 CVE 浏览器

CVE-2003-0500

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1790%
EPSS Percentile9.63th
Published2003年8月7日
Last Modified2026年4月16日

Vulnerability Description

SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.

Affected Platforms (CPE)

📦
Proftpd Project

Proftpd

= 1.2.9_rc1

References & Advisories

🔗 http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005826.html
🔗 http://www.debian.org/security/2003/dsa-338
🔗 http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005826.html
🔗 http://www.debian.org/security/2003/dsa-338

相关漏洞威胁

CVE-2006-581510.0

Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated,...

CVE-1999-036810.0

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

CVE-1999-091110.0

Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands...

CVE-2010-422110.0

Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attack...