Vulnerability Details CVE-2022-0073
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.6%
CVSS Severity
CVSS v3 Score 8.8
References
- https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/dist/admin/html.open/lib/CValidation.php#L565
- https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/dist/admin/html.open/lib/CValidation.php#L565
- https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/dist/admin/html.open/lib/CValidation.php#L565
- https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/dist/admin/html.open/lib/CValidation.php#L565
Products affected by CVE-2022-0073
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.0
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.1
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.10
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.10.1
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.10.2
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.12
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.12.1
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.13
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.13.1
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.13.2
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.14
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.15
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.15.2
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.16
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.16.1
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.2
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.3
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.4
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.5
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.6
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.7
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.8
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.9
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.9.1
-
cpe:2.3:a:litespeedtech:openlitespeed:1.7.9.2