FeedVulnerabilityProFTPD’s SQL Injection Vulnerability Enables Remote Code Ex...
VulnerabilityCyber Security News
8.1CRITICAL

ProFTPD’s SQL Injection Vulnerability Enables Remote Code Execution Attacks

📅 30 April 2026 at 07:54 UTC📰 Cyber Security NewsView original source ↗
ProFTPD’s SQL Injection Vulnerability Enables Remote Code Execution Attacks

A critical SQL injection vulnerability in ProFTPD, one of the Internet’s most widely deployed FTP servers. Tracked as CVE-2026-42167, this flaw carries a CVSS severity score of 8.1 and affects the mod_sql extension. Depending on how the server is configured, attackers can exploit this bug to bypass authentication, elevate their privileges, or achieve remote code execution (RCE). ProFTPD […] The post ProFTPD’s SQL Injection Vulnerability Enables Remote Code Execution Attacks appeared first on Cyber Security News.

🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview

A critical SQL injection vulnerability in ProFTPD allows attackers to bypass authentication, elevate privileges, or achieve remote code execution (RCE), posing a significant threat to FTP servers worldwide.

⚙️Technical Details
CVEs
CVE-2026-42167Affected Systems: ProFTPD before 1.3.9aAttack Vectors: NETWORK
Affected Systems
ProFTPD before 1.3.9a
Attack Vectors
NETWORK
💥Impact Assessment
Severity: critical
Who Is at Risk
FTP servers and administrators with ProFTPD installed
🛡️Recommended Actions
1Immediately update to the latest version of ProFTPD (1.3.9a or later)
2Disable the mod_sql extension until a patch is available
3Implement strict access controls and monitoring for FTP server logs
📦Affected Products
ProFTPD before 1.3.9a
🔐NVD Verified DataVERIFIED
CVE-2026-42167CVSS 8.1HIGH
Attack Vector
NETWORK
Complexity
HIGH
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses
CWE-89

Read the full article

This is a curated summary. The complete article is available at Cyber Security News.

Read on Cyber Security News
← Back to feed