5 matches found
lighttpd 'mod_mysql_vhost.c' SQL注入漏洞
BUGTRAQ ID: 66153 CVECAN ID: CVE-2014-2323 Lighttpd是一款轻型的开放源码Web Server软件包。 由于程序在进行SQL查询前未能充分过滤用户提供的输入,攻击者可以利用漏洞危及应用程序,访问或修改数据,或利用底层数据库中潜在的漏洞。 0 lighttpd 1.4.35 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.lighttpd.net...
CVE-2014-2323
SQL injection vulnerability in modmysqlvhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to requestcheckhostname...
CVE-2014-2323
SQL injection vulnerability in modmysqlvhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to requestcheckhostname...
CVE-2014-2323
Lighttpd vulnerability CVE-2014-2323: SQL injection in mod_mysql_vhost.c allows remote command execution via the host name (related to request_check_hostname). Affected software: lighttpd prior to 1.4.35. Impact risk is described in public advisories as enabling arbitrary SQL execution. Remediati...
CVE-2014-2323
SQL injection vulnerability in modmysqlvhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to requestcheckhostname...