Vulnerability Description
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Litespeedtech | Openlitespeed | >= 1.7.0, <= 1.7.16.1 |
Related Weaknesses (CWE)
References
- https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/dist/admin/html.opExploitThird Party Advisory
- https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/dist/admin/html.openExploitThird Party Advisory
- https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/dist/admin/html.opExploitThird Party Advisory
- https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/dist/admin/html.openExploitThird Party Advisory
FAQ
What is CVE-2022-0073?
CVE-2022-0073 is a vulnerability with a CVSS score of 8.8 (HIGH). Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1.
How severe is CVE-2022-0073?
CVE-2022-0073 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-0073?
Check the references section above for vendor advisories and patch information. Affected products include: Litespeedtech Openlitespeed.