PT-2009-6638 · Proftpd · Proftpd Server
Tj Saunders · Published 1970-01-01 · Updated 2024-06-15 · CVE-2009-0543
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
ProFTPD Server version 1.3.1
Description
The issue allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres. This can lead to a violation of the confidentiality, integrity, and availability of protected information. The vulnerability can be exploited remotely.
Recommendations
For ProFTPD Server version 1.3.1, consider disabling the mod_sql_mysql and mod_sql_postgres modules until a patch is available to prevent SQL injection attacks. Restrict access to the ProFTPD Server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
SQL injection
Affected Products
Proftpd Server