Unrated severityNVD Advisory· Published Feb 12, 2009· Updated Apr 23, 2026

CVE-2009-0543

Description

ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.

Affected products

Proftpd/Proftpd
cpe:2.3:a:proftpd:proftpd:1.3.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.proftpd.org/show_bug.cginvd
secunia.com/advisories/34268nvd
security.gentoo.org/glsa/glsa-200903-27.xmlnvd
www.debian.org/security/2009/dsa-1730nvd
www.mandriva.com/security/advisoriesnvd
www.openwall.com/lists/oss-security/2009/02/11/4nvd
www.openwall.com/lists/oss-security/2009/02/11/5nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000