SQL injection vulnerability in modmysqlvhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to requestcheckhostname.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1.4.33-1+nmu2ubuntu2.1", "binary_name": "lighttpd" }, { "binary_version": "1.4.33-1+nmu2ubuntu2.1", "binary_name": "lighttpd-dbgsym" }, { "binary_version": "1.4.33-1+nmu2ubuntu2.1", "binary_name": "lighttpd-dev" }, { "binary_version": "1.4.33-1+nmu2ubuntu2.1", "binary_name": "lighttpd-doc" }, { "binary_version": "1.4.33-1+nmu2ubuntu2.1", "binary_name": "lighttpd-mod-cml" }, { "binary_version": "1.4.33-1+nmu2ubuntu2.1", "binary_name": "lighttpd-mod-cml-dbgsym" }, { "binary_version": "1.4.33-1+nmu2ubuntu2.1", "binary_name": "lighttpd-mod-magnet" }, { "binary_version": "1.4.33-1+nmu2ubuntu2.1", "binary_name": "lighttpd-mod-magnet-dbgsym" }, { "binary_version": "1.4.33-1+nmu2ubuntu2.1", "binary_name": "lighttpd-mod-mysql-vhost" }, { "binary_version": "1.4.33-1+nmu2ubuntu2.1", "binary_name": "lighttpd-mod-mysql-vhost-dbgsym" }, { "binary_version": "1.4.33-1+nmu2ubuntu2.1", "binary_name": "lighttpd-mod-trigger-b4-dl" }, { "binary_version": "1.4.33-1+nmu2ubuntu2.1", "binary_name": "lighttpd-mod-trigger-b4-dl-dbgsym" }, { "binary_version": "1.4.33-1+nmu2ubuntu2.1", "binary_name": "lighttpd-mod-webdav" }, { "binary_version": "1.4.33-1+nmu2ubuntu2.1", "binary_name": "lighttpd-mod-webdav-dbgsym" } ] }