CVE-2014-2323

🔴 Łataj teraz

Wstrzyknięcie SQL w lighttpd umożliwia zdalne wykonanie dowolnych poleceń SQL.

CVSS

9.8

EPSS

90.4%

Exploit

poc

Vendor

debian

Opis źródłowy (NVD)

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.

exploit sql-injection Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	9.8
CISA KEV (aktywnie wykorzystywane)	Nie
FIRST EPSS (prawdopodobieństwo exploita)	90.4%
Opublikowano (NVD)	2014-03-14 15:55:05 UTC
Ostatnia modyfikacja (NVD)	2026-05-06 22:30:45 UTC

Referencje

http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt (cve@mitre.org) [Exploit, Vendor Advisory]
http://jvn.jp/en/jp/JVN37417423/index.html (cve@mitre.org) [Third Party Advisory]
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html (cve@mitre.org) [Mailing List, Third Party Advisory]
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html (cve@mitre.org) [Mailing List, Third Party Advisory]
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html (cve@mitre.org) [Mailing List, Third Party Advisory]
http://marc.info/?l=bugtraq&m=141576815022399&w=2 (cve@mitre.org) [Mailing List, Third Party Advisory]
http://seclists.org/oss-sec/2014/q1/561 (cve@mitre.org) [Exploit, Mailing List, Third Party Advisory]
http://seclists.org/oss-sec/2014/q1/564 (cve@mitre.org) [Mailing List, Third Party Advisory]
http://secunia.com/advisories/57404 (cve@mitre.org) [Broken Link]
http://secunia.com/advisories/57514 (cve@mitre.org) [Broken Link]
http://www.debian.org/security/2014/dsa-2877 (cve@mitre.org) [Third Party Advisory]
http://www.lighttpd.net/2014/3/12/1.4.35/ (cve@mitre.org) [Patch, Vendor Advisory]