PT-2026-4516 · Litespeed Technologies · Litespeed Web Server Enterprise
Published: 2026-01-23 · Updated: 2026-01-24
CVE-2021-47903
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
LiteSpeed Web Server Enterprise version 5.4.11
Description
LiteSpeed Web Server Enterprise version 5.4.11 allows a user with administrative privileges to inject commands into the system. The injection occurs through the 'Command' parameter within the server configuration interface and can potentially lead to remote code execution. The issue involves path traversal and bash command injection. The vulnerable parameter is Command.
Recommendations
Apply any available configuration updates to address the command injection issue in the external app configuration interface.
Exploit
Fix
RCE
OS Command Injection
Affected Products
Litespeed Web Server Enterprise