CVE-2009-4795
Xlight FTP Server 3.2 - 'user' SQL Injection
Severity Score: 9.8 (CVSS v3)
Public Exploits: 3 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command.
Multiple SQL injection vulnerabilities in Xlight FTP Server versions before v3.2.1, when ODBC authentication is enabled, allow remote authenticated users to execute arbitrary SQL commands via the (1) USER (also known as username) or (2) PASS (password) command.
*Credits:
N/A
Timeline
- 2009-03-19 First Exploit
- 2010-04-22 CVE Reserved
- 2010-04-22 CVE Published
- 2024-08-07 CVE Updated
- 2024-12-17 EPSS Updated
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
References (6)
URL | Tag | Source |
---|---|---|
http://www.xlightftpd.com/whatsnew.htm | X_refsource_confirm | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/49495 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/32877 | 2009-03-19 | |
http://www.securityfocus.com/bid/34288 | 2024-08-07 | |
http://www.xlightftpd.com/forum/viewtopic.php?t=1042 | 2024-08-07 | |

URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/34513 | 2017-08-17 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Xlightftpd | Xlight Ftp Server | <= 3.2 | - | Affected |
Xlightftpd | Xlight Ftp Server | 1.60 | - | Affected |
Xlightftpd | Xlight Ftp Server | 1.61 | - | Affected |
Xlightftpd | Xlight Ftp Server | 1.62 | - | Affected |
Xlightftpd | Xlight Ftp Server | 1.62a | - | Affected |
Xlightftpd | Xlight Ftp Server | 1.64 | - | Affected |
Xlightftpd | Xlight Ftp Server | 1.65 | - | Affected |
Xlightftpd | Xlight Ftp Server | 2.0 | - | Affected |
Xlightftpd | Xlight Ftp Server | 2.01 | - | Affected |
Xlightftpd | Xlight Ftp Server | 2.1 | - | Affected |
Xlightftpd | Xlight Ftp Server | 2.2 | - | Affected |
Xlightftpd | Xlight Ftp Server | 2.02 | - | Affected |
Xlightftpd | Xlight Ftp Server | 2.03 | - | Affected |
Xlightftpd | Xlight Ftp Server | 2.8 | - | Affected |
Xlightftpd | Xlight Ftp Server | 2.24 | - | Affected |
Xlightftpd | Xlight Ftp Server | 2.27 | - | Affected |
Xlightftpd | Xlight Ftp Server | 2.40 | - | Affected |
Xlightftpd | Xlight Ftp Server | 2.60 | - | Affected |
Xlightftpd | Xlight Ftp Server | 2.70 | - | Affected |
Xlightftpd | Xlight Ftp Server | 2.72 | - | Affected |
Xlightftpd | Xlight Ftp Server | 2.82 | - | Affected |
Xlightftpd | Xlight Ftp Server | 2.83 | - | Affected |
Xlightftpd | Xlight Ftp Server | 2.85 | - | Affected |
Xlightftpd | Xlight Ftp Server | 2.86 | - | Affected |
Xlightftpd | Xlight Ftp Server | 2.706 | - | Affected |
Xlightftpd | Xlight Ftp Server | 2.835 | - | Affected |
Xlightftpd | Xlight Ftp Server | 2.861 | - | Affected |
Xlightftpd | Xlight Ftp Server | 3.0 | - | Affected |
Xlightftpd | Xlight Ftp Server | 3.0.5 | - | Affected |
Xlightftpd | Xlight Ftp Server | 3.1 | - | Affected |
Xlightftpd | Xlight Ftp Server | 3.1.1 | - | Affected |
Xlightftpd | Xlight Ftp Server | 3.1.5 | - | Affected |
Xlightftpd | Xlight Ftp Server | 3.1.6 | - | Affected |