Main Vulnerability Database Exploits ID:11704 - Exploit for Improper neutralization of special elements used in an sql command ('sql injection') in ProFTPD - CVE-2009-0543

ID:11704 - Exploit for Improper neutralization of special elements used in an sql command ('sql injection') in ProFTPD - CVE-2009-0543

Published: June 23, 2025

Vulnerability identifier: #VU111813

Vulnerability risk: Medium

CVE-ID: CVE-2009-0543

CWE-ID: CWE-89

Exploitation vector: Remote access

Vulnerable software:
ProFTPD

Link to public exploit:

https://www.exploit-db.com/exploits/8037/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.

Remediation

Install update from vendor's repository.

ID:11704 - Exploit for Improper neutralization of special elements used in an sql command ('sql injection') in ProFTPD - CVE-2009-0543

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human