A vulnerability in the FTP server ProFTPD can lead to the execution of injected malicious code. The security flaw is found in the included mod_sql. A proof-of-concept exploit is already available.