← back
CVE-2022-0073

Authenticated Remote Code Execution in OpenLiteSpeed Web Server

CVSS 8.8 HIGHEPSS 8.7%CWE-20
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
LiteSpeed Technologies · LiteSpeed Web ServerLiteSpeed Technologies · OpenLiteSpeed Web Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/dist/admin/html.open/lib/CValidation.php#L565https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/dist/admin/html.open/lib/CValidation.php#L565