VYPR
Unrated severityNVD Advisory· Published Feb 12, 2009· Updated Jun 16, 2026

CVE-2009-0542

CVE-2009-0542

Description

SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • Proftpd/Proftpd4 versions
    cpe:2.3:a:proftpd_project:proftpd:1.3.1:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:proftpd_project:proftpd:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:proftpd_project:proftpd:1.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:proftpd_project:proftpd:1.3.2_rc2:*:*:*:*:*:*:*
    • (no CPE)range: 1.3.1 - 1.3.2rc2

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.