Description
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
Remediation
References
Related Vulnerabilities
Next.js Incorrect Authorization Vulnerability (CVE-2024-51479)
WordPress Plugin Direct Download for Woocommerce Arbitrary File Download (1.15)
WordPress Plugin MediaRSS external gallery TimThumb Arbitrary File Upload (0.1)
Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-7903)
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-40368)