High severity7.5NVD Advisory· Published Nov 29, 2024· Updated Apr 15, 2026

CVE-2024-48651

Description

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql.

Patches

cec01cc0a252

https://github.com/proftpd/proftpdvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/proftpd/proftpd/commit/cec01cc0a2523453e5da5a486bc6d977c3768db1nvd
github.com/proftpd/proftpd/issues/1830nvd
lists.debian.org/debian-lts-announce/2024/11/msg00032.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.029
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000