ZeroPath Research

3 exploits Active since Apr 2026
CVE-2026-42167 GITHUB HIGH python WORKING POC
ProFTPD < 1.3.10rc1 - Remote Code Execution
mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).
4 stars
CVSS 8.1
CVE-2026-42167 NOMISEC HIGH WRITEUP
ProFTPD < 1.3.10rc1 - Remote Code Execution
mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).
CVSS 8.1
CVE-2026-42167 NOMISEC HIGH WORKING POC
ProFTPD < 1.3.10rc1 - Remote Code Execution
mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).
CVSS 8.1