CVE-2009-4795

Sažetak

Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command.

Reference

http://secunia.com/advisories/34513
http://www.securityfocus.com/bid/34288
http://www.xlightftpd.com/forum/viewtopic.php?t=1042
http://www.xlightftpd.com/whatsnew.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/49495

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

17-08-2017 - 01:31

Objavljeno

22-04-2010 - 14:30