CVE-2003-0500

PostgreSQL <1.2.9rc1 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Spaine · perlremotelinux

https://www.exploit-db.com/exploits/43

View Code ZIP pw:eip

References (2)

[Mailing List] http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005826.html

[Patch, Vendor Advisory] http://www.debian.org/security/2003/dsa-338

Scores

EPSS 0.0156

EPSS Percentile 81.5%

Details

Status published

Products (1)

proftpd_project/proftpd 1.2.9_rc1

Published Aug 07, 2003

Tracked Since Feb 18, 2026