CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-4652

Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.07

EPSS Ranking 91.0%

CVSS Severity

CVSS v2 Score 6.8

References

Products affected by CVE-2010-4652

Proftpd » Proftpd » Version: 1.2.0

cpe:2.3:a:proftpd:proftpd:1.2.0
Proftpd » Proftpd » Version: 1.2.1

cpe:2.3:a:proftpd:proftpd:1.2.1
Proftpd » Proftpd » Version: 1.2.10

cpe:2.3:a:proftpd:proftpd:1.2.10
Proftpd » Proftpd » Version: 1.2.2

cpe:2.3:a:proftpd:proftpd:1.2.2
Proftpd » Proftpd » Version: 1.2.3

cpe:2.3:a:proftpd:proftpd:1.2.3
Proftpd » Proftpd » Version: 1.2.4

cpe:2.3:a:proftpd:proftpd:1.2.4
Proftpd » Proftpd » Version: 1.2.5

cpe:2.3:a:proftpd:proftpd:1.2.5
Proftpd » Proftpd » Version: 1.2.6

cpe:2.3:a:proftpd:proftpd:1.2.6
Proftpd » Proftpd » Version: 1.2.7

cpe:2.3:a:proftpd:proftpd:1.2.7
Proftpd » Proftpd » Version: 1.2.8

cpe:2.3:a:proftpd:proftpd:1.2.8
Proftpd » Proftpd » Version: 1.2.9

cpe:2.3:a:proftpd:proftpd:1.2.9
Proftpd » Proftpd » Version: 1.3.0

cpe:2.3:a:proftpd:proftpd:1.3.0
Proftpd » Proftpd » Version: 1.3.1

cpe:2.3:a:proftpd:proftpd:1.3.1
Proftpd » Proftpd » Version: 1.3.2

cpe:2.3:a:proftpd:proftpd:1.3.2
Proftpd » Proftpd » Version: 1.3.3

cpe:2.3:a:proftpd:proftpd:1.3.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-4652

Products

Pricing

Contact Us