Search for vulnerabilities
Vulnerability details: VCID-ur71-y7pz-aaab
Vulnerability ID VCID-ur71-y7pz-aaab
Aliases CVE-2009-0543
Summary ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.
Status Published
Exploitability 2.0
Weighted Severity 6.1
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
System Score Found at
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.02314 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
epss 0.04637 https://api.first.org/data/v1/epss?cve=CVE-2009-0543
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2009-0543
Reference id Reference type URL
http://bugs.proftpd.org/show_bug.cgi?id=3173
https://api.first.org/data/v1/epss?cve=CVE-2009-0543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0543
http://secunia.com/advisories/34268
http://security.gentoo.org/glsa/glsa-200903-27.xml
http://www.debian.org/security/2009/dsa-1730
http://www.mandriva.com/security/advisories?name=MDVSA-2009:061
http://www.openwall.com/lists/oss-security/2009/02/11/4
http://www.openwall.com/lists/oss-security/2009/02/11/5
516388 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=516388
cpe:2.3:a:proftpd:proftpd:1.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:proftpd:proftpd:1.3.1:*:*:*:*:*:*:*
CVE-2009-0543 https://nvd.nist.gov/vuln/detail/CVE-2009-0543
GLSA-200903-27 https://security.gentoo.org/glsa/200903-27
Data source Exploit-DB
Date added Feb. 9, 2009
Description ProFTPd - 'mod_mysql' Authentication Bypass
Ransomware campaign use Known
Source publication date Feb. 10, 2009
Exploit type remote
Platform multiple
Source update date Oct. 27, 2016
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2009-0543
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.72134
EPSS Score 0.00345
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.