CVE-2009-4795 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 38%

Affected Products (NVD)

Vendor	Product	Version
xlightftpd	xlight_ftp_server	𝑥 ≤ 3.2
xlightftpd	xlight_ftp_server	1.60
xlightftpd	xlight_ftp_server	1.61
xlightftpd	xlight_ftp_server	1.62
xlightftpd	xlight_ftp_server	1.62a:a
xlightftpd	xlight_ftp_server	1.64
xlightftpd	xlight_ftp_server	1.65
xlightftpd	xlight_ftp_server	2.0
xlightftpd	xlight_ftp_server	2.01
xlightftpd	xlight_ftp_server	2.1
xlightftpd	xlight_ftp_server	2.2
xlightftpd	xlight_ftp_server	2.02
xlightftpd	xlight_ftp_server	2.03
xlightftpd	xlight_ftp_server	2.8
xlightftpd	xlight_ftp_server	2.24
xlightftpd	xlight_ftp_server	2.27
xlightftpd	xlight_ftp_server	2.40
xlightftpd	xlight_ftp_server	2.60
xlightftpd	xlight_ftp_server	2.70
xlightftpd	xlight_ftp_server	2.72
xlightftpd	xlight_ftp_server	2.82
xlightftpd	xlight_ftp_server	2.83
xlightftpd	xlight_ftp_server	2.85
xlightftpd	xlight_ftp_server	2.86
xlightftpd	xlight_ftp_server	2.706
xlightftpd	xlight_ftp_server	2.835
xlightftpd	xlight_ftp_server	2.861
xlightftpd	xlight_ftp_server	3.0
xlightftpd	xlight_ftp_server	3.0.5
xlightftpd	xlight_ftp_server	3.1
xlightftpd	xlight_ftp_server	3.1.1
xlightftpd	xlight_ftp_server	3.1.5
xlightftpd	xlight_ftp_server	3.1.6

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

References

http://secunia.com/advisories/34513

http://www.securityfocus.com/bid/34288

http://www.xlightftpd.com/forum/viewtopic.php?t=1042

http://www.xlightftpd.com/whatsnew.htm

https://exchange.xforce.ibmcloud.com/vulnerabilities/49495

http://secunia.com/advisories/34513

http://www.securityfocus.com/bid/34288

http://www.xlightftpd.com/forum/viewtopic.php?t=1042

http://www.xlightftpd.com/whatsnew.htm

https://exchange.xforce.ibmcloud.com/vulnerabilities/49495