PT-2022-6246 · Litespeed · Openlitespeed Web Server+1

Published: 2022-10-27 · Updated: 2025-03-19 · CVE-2022-0073

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

OpenLiteSpeed Web Server versions 1.7.0 through 1.7.16.1
LiteSpeed Web Server versions 1.7.0 through 1.7.16.1

Description

The issue is related to improper input validation, which allows command injection. This can be exploited by a remote attacker to execute arbitrary code.

Recommendations

For OpenLiteSpeed Web Server versions 1.7.0 through 1.7.16.1, update to version 1.7.16.1 or later.
For LiteSpeed Web Server versions 1.7.0 through 1.7.16.1, update to version 1.7.16.1 or later.
As a temporary workaround, consider restricting access to the dashboard to minimize the risk of exploitation.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2023-00643
CVE-2022-0073

Affected Products

Litespeed Web Server
Openlitespeed Web Server