Description
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.
Remediation
References
Related Vulnerabilities
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Multiple Vulnerabilities (3.7.0)
WordPress Plugin Livemesh Addons for Elementor Security Bypass (2.5.2)
WordPress Plugin Timeline Calendar SQL Injection (1.2)
WordPress Plugin Social Share Icons & Social Share Buttons Security Bypass (3.0.2)