CVE-2009-4795 Information

Description

Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1 when ODBC authentication is enabled allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command.

Reference

http://secunia.com/advisories/34513
http://www.securityfocus.com/bid/34288
http://www.xlightftpd.com/forum/viewtopic.php?t=1042
http://www.xlightftpd.com/whatsnew.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/49495
