CVE-2014-2323
published 2014-03-14CVE-2014-2323: SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | lighttpd | < lighttpd 1.4.33-1+nmu3 (bookworm) | lighttpd 1.4.33-1+nmu3 (bookworm) |
| lighttpd | lighttpd | < 1.4.35 | 1.4.35 |
| lighttpd | lighttpd | >= 0 < 1.4.33-1+nmu3 | 1.4.33-1+nmu3 |
| lighttpd | lighttpd | >= 0 < 1.4.33-1+nmu3 | 1.4.33-1+nmu3 |
| lighttpd | lighttpd | >= 0 < 1.4.33-1+nmu3 | 1.4.33-1+nmu3 |
| lighttpd | lighttpd | >= 0 < 1.4.33-1+nmu3 | 1.4.33-1+nmu3 |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| suse | linux_enterprise_high_availability_extension | — | — |
| suse | linux_enterprise_software_development_kit | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL