PostgreSQL Authentication Module (mod_sql) for ProFTPD USER Name Parameter SQL Injection
High Nessus Plugin ID 11768
SynopsisIt may be possible to read or modify arbitrary files on the remote server.
DescriptionThe remote FTP server is vulnerable to a SQL injection when it processes the USER command.
An attacker may exploit this flaw to log into the remote host as any user.
SolutionIf the remote server is ProFTPd, upgrade to ProFTPD 1.2.10.