CVE-2020-5519

Published: Jan 6, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen.

Affected (1)

Products: Litespeedtech: Openlitespeed

Litespeedtech

1 product

Openlitespeed

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Litespeedtech Openlitespeed	Before 1.6.5

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://drive.google.com/open?id=1pSciFEfjHp3kN8y5shy_zosJo7dje_fX

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

https://forum.openlitespeed.org/threads/openlitespeed-v1-6-5-now-available.4047/

Source: cve@mitre.org

Vendor Advisory

https://drive.google.com/open?id=1pSciFEfjHp3kN8y5shy_zosJo7dje_fX

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

https://forum.openlitespeed.org/threads/openlitespeed-v1-6-5-now-available.4047/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.