CVE-2022-0074 LSWS allows privilege escalation by untrusted search path.
There is a directory traversal vulnerability in LiteSpeed web server that allows attacker to write files to arbitrary location on the system. This can be exploited by attackers to perform arbitrary code injection or download code from an attacker controlled location to a user's machine. This can be leveraged by attackers to perform privilege escalation. There is also a XSS vulnerability in LiteSpeed web server that allows an attacker to inject malicious script codes to the affected system via a victim's browser. This script code can be used to perform session hijacking or other attacks.
The following version of LiteSpeed web server and LiteSpeed Web Server Container is vulnerable:
On July 23, 2018, LiteSpeed Technologies released version 1.7.16.1 of the OpenLiteSpeed web server and LiteSpeed Web Server Container. This is a security release for the following issues:
In the following table we have provided details on the versions of LiteSpeed web server and LiteSpeed Web Server Container that are affected by the above issues.
The following versions of LiteSpeed web server and LiteSpeed Web Server Container are vulnerable:
On March 16, 2018, WordPress released version 4.9.9 of the WordPress blogging software. This is a security release for the following issues:
The following versions of WordPress are affected by the above issues:
On March 15, 2018, Drupal released version 7.59 of the Drupal content management system. This is a security release for the following issues:
Drupnet Vulnerability and Drupal 7.58
On March 15, 2018, Drupal released version 7.59 of the Drupal content management system. This is a security release for the following issues:
In the following table we have provided details on the versions of Drupal that are affected by the above issues.
The following versions of Drupal are affected by the above issues:
On March 15, 2018, PHP released version 7.3.1 of its PHP scripting language interpreter. This is a security release for the following issues:
In the following table we have provided details on the versions of PHP that are vulnerable to these vulnerabilities:
Timeline
Published on: 10/27/2022 20:15:00 UTC
Last modified on: 12/09/2022 17:05:00 UTC