CVE-2003-0500

PostgreSQL <1.2.9rc1 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0500. PoCs published by Spaine.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in ProFTPD 1.2.9 rc1's mod_sql module. It sends a crafted USER command with a UNION-based SQL injection payload to bypass authentication and potentially extract user credentials.

Description

SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Spaine · perlremotelinux

https://www.exploit-db.com/exploits/43

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in ProFTPD 1.2.9 rc1's mod_sql module. It sends a crafted USER command with a UNION-based SQL injection payload to bypass authentication and potentially extract user credentials.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: ProFTPD 1.2.9 rc1 with mod_sql

No auth needed

Prerequisites: Network access to the ProFTPD server on port 21 · ProFTPD 1.2.9 rc1 with mod_sql enabled

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Mailing List mailing-list x_refsource_fulldisc

http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005826.html

Patch, Vendor Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2003/dsa-338

Scores

EPSS 0.1827

EPSS Percentile 96.9%

Details

Status published

Products (1)

proftpd_project/proftpd 1.2.9_rc1

Published Aug 07, 2003

Tracked Since Feb 18, 2026