## https://sploitus.com/exploit?id=6AA60140-B0EA-5986-806E-3FC4CD991555
# Description
This repository contains a functional exploit for CVE-2026-42167. The flaw exists in how mod_sql handles certain logging variables (like %U), allowing an unauthenticated attacker to inject SQL commands via the USER command.
- Vulnerability Type: SQL Injection (CWE-89)
- Severity: High (CVSS 8.1)
- Affected Versions: ProFTPD 1.3.9 and below.
- Patched Version: ProFTPD 1.3.9a / 1.3.10rc1.
# Disclimar
Unauthorized access to computer systems is illegal. I am not responsible for any misuse of this software. Use this PoC only on systems you own or have explicit permission to test.