CVE-2009-4795

Description

Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command.

References

http://secunia.com/advisories/34513

http://www.securityfocus.com/bid/34288

http://www.xlightftpd.com/forum/viewtopic.php?t=1042

http://www.xlightftpd.com/whatsnew.htm

https://exchange.xforce.ibmcloud.com/vulnerabilities/49495

Details

Source: MITRE

Published: 2010-04-22

Updated: 2017-08-17

Type: CWE-89

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM