Vulnerabilities

CVE-2026-42167

by Fred · 28/04/2026

mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).

More information : http://www.proftpd.org/docs/RELEASE_NOTES-1.3.10rc1

Similar

Tags: Cybersecurity Alert