Vulnerability Details CVE-2022-0073
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.6%
CVSS Severity
CVSS v3 Score 8.8
References
- https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/dist/admin/html.open/lib/CValidation.php#L565
- https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/dist/admin/html.open/lib/CValidation.php#L565
- https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/dist/admin/html.open/lib/CValidation.php#L565
- https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/dist/admin/html.open/lib/CValidation.php#L565
Products affected by CVE-2022-0073
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.0
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.1
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.10
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.10.1
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.10.2
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.12
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.12.1
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.13
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.13.1
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.13.2
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.14
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.15
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.15.2
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.16
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.16.1
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.2
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.3
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.4
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.5
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.6
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.7
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.8
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.9
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.9.1
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.9.2