VDB

GCVE-110-MAGEIA-2014-133

GCVE-110-MAGEIA-2014-133
Advisory Published
Vulnetix · Advisory published March 19, 2014
SQL injection vulnerability in lighttpd before 1.4.35 when mod_mysql_vhost is in use, due to insufficient validation of hostnames in HTTP requests (CVE-2014-2323). Possible path traversal vulnerabilities in lighttpd before 1.4.35 when either mod_evhost or mod_simple_vhost are in use, due to insufficient validation of hostnames in HTTP requests (CVE-2014-2324).

Affected Products

VendorProductVersionsPlatforms
Mageialighttpd0 (affected), 1.4.32-3.7.mga3 (unaffected), 0 (affected), 1.4.32-3.7.mga3 (unaffected)
Mageialighttpd0 (affected), 1.4.33-4.1.mga4 (unaffected), 1.4.33-4.1.mga4 (unaffected), 0 (affected)
Mageiaxfce4-weather-plugin0 (affected), 0.8.3-3.1.mga4 (unaffected)

Browse GCVE Records

73,196 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›