CVE-2009-4795

Name of the Vulnerable Software and Affected Versions Xlight FTP Server versions prior to 3.2.1

Description The issue allows remote attackers to execute arbitrary SQL commands when ODBC authentication is enabled. This can be achieved via the USER (aka username) or PASS (aka password) command.

Recommendations For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue. As a temporary workaround, consider disabling ODBC authentication until a patch is applied. Restrict access to the FTP server to minimize the risk of exploitation. Avoid using the USER and PASS commands in the affected FTP server until the issue is resolved.