Vulnerability Database

319,561

Total vulnerabilities in the database

CVE-2021-47903

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path traversal and bash command injection.

Published: Jan 23, 2026
Updated: Jan 24, 2026
CVE: CVE-2021-47903
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

No affected software listed.

https://www.exploit-db.com/exploits/49523
https://www.litespeedtech.com/
https://www.litespeedtech.com/products
https://www.vulncheck.com/advisories/litespeed-web-server-enterprise-command-injection

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo