CVE-2014-2323
CRITICAL NUCLEI
lighttpd <1.4.35 - SQL Injection
Title source: llm
Description
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
Exploits (1)
Nuclei Templates (1)
Lighttpd 1.4.34 SQL Injection and Path Traversal
CRITICAL, by geeknik
Shodan: cpe:"cpe:2.3:a:lighttpd:lighttpd"
References (12)
Scores
CVSS v3: 9.8
EPSS: 0.9037
EPSS Percentile: 99.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-89
Status: published
Products (9)
debian/debian_linux 6.0
debian/debian_linux 7.0
debian/debian_linux 8.0
lighttpd/lighttpd < 1.4.35
opensuse/opensuse 11.4
opensuse/opensuse 12.3
opensuse/opensuse 13.1
suse/linux_enterprise_high_availability_extension 11 sp3
suse/linux_enterprise_software_development_kit 11 sp3
Published: Mar 14, 2014
Tracked Since: Feb 18, 2026