The remote host is vulnerable to a SQL Injection attack.
The remote host is using ProFTPD, a free FTP server for Unix and Linux. The version of ProFTPD running on the remote host allows the percent character, '%', within the username. This would allow attackers to inject special SQL characters such as a single quote. An attacker exploiting this flaw would be able to execute arbitrary SQL commands against the database server.