SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows
remote attackers to execute arbitrary SQL commands via a "%" (percent)
character in the username, which introduces a "'" (single quote) character
during variable substitution by mod_sql.