Vulnerability Details CVE-2022-0073
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.9%
CVSS Severity
CVSS v3 Score 8.8
References
- https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/dist/admin/html.open/lib/CValidation.php#L565
- https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/dist/admin/html.open/lib/CValidation.php#L565
- https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/dist/admin/html.open/lib/CValidation.php#L565
- https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/dist/admin/html.open/lib/CValidation.php#L565
Products affected by CVE-2022-0073
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.0
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.1
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.10
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.10.1
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.10.2
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.12
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.12.1
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.13
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.13.1
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.13.2
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.14
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.15
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.15.2
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.16
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.16.1
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.2
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.3
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.4
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.5
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.6
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.7
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.8
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.9
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.9.1
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.9.2