Exploit for #VU96486 Incorrect Privilege Assignment in LiteSpeed Cache

Published: 2024-08-30 | Updated: 2024-09-13

Vulnerability identifier: #VU96486

Vulnerability risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2024-28000

CWE-ID: CWE-266

Exploitation vector: Network

Exploits in database: 5

September 13, 2024
- CVE-2024-28000 (CVE-2024-28000 Exploit for litespeed-cache =<6.3 allows Privilege Escalation with creation of administrator account) [Github]
- CVE-2024-28000 [Github]
August 30, 2024
- CVE-2024-28000 [Github]
- CVE-2024-28000 (LiteSpeed Cache Privilege Escalation PoC - CVE-2024-28000) [Github]
- CVE-2024-28000 [Github]

Vulnerable software:
LiteSpeed Cache
Web applications / Modules and components for CMS

Vendor: LiteSpeed Technologies