OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XLitespeedtech Litespeed Web Server
APPLitespeedtech< 6.3.5Litespeedtech Openlitespeed
APPLitespeedtech≤ 1.9.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
Related vulnerabilities
CVE-2020-5519CRITICAL9.8ten sam produkt
The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by t...
CVE-2023-40518HIGH7.5ten sam produkt
LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers.
CVE-2022-0074HIGH8.8ten sam produkt
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Serve...
CVE-2022-0073HIGH8.8ten sam produkt
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web S...
CVE-2021-26758HIGH8.8ten sam produkt
Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain...