This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.
The remote FTP server is affected by a SQL injection vulnerability.
The remote host is using ProFTPD, a free FTP server for Unix and
The variable substitution feature in the version of ProFTPD running on
the remote host can be abused to conduct a SQL injection attack. For
example, a remote attacker can bypass authentication using a specially
crafted username containing a percent sign character ('%'), a single
quote, and SQL code.
See also :
Upgrade to ProFTPD 1.3.2rc3 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true
Nessus Plugin ID: 35690 ()
Bugtraq ID: 33722
CVE ID: CVE-2009-0542
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.