Description
lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.
Remediation
References
Related Vulnerabilities
WordPress Plugin Top 10-Popular posts for WordPress SQL Injection (2.4.3)
PHP Other Vulnerability (CVE-2006-1017)
Drupal Core 8.x.x Security Bypass (8.0.0 - 8.6.18)
WordPress Plugin Advanced File Manager Information Disclosure (5.2.4)
Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2022-0538)