ZeroPathAI/proftpd-CVE-2026-42167-poc

Releases0

Stars22

POCs to demonstrate CVE-2026-42167 in ProFTPD

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-42167 ↗	Apr 28, 2026Tuesday, 28 April 2026, 23:16	8.1 HIGH	—
mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).