Security Vulnerabilities fixed in Control Web Panel


login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.

description-logoOutbreak Alert

A command injection vulnerability that allows remote attackers to easily exploit CWP (Control Web Panel) with a crafted HTTP request which can result in Remote Code Execution. According to Shodan, there are thousands of servers that could still be vulnerable to CVE-2022-44877. This vulnerability can be leveraged to perform ransomware attacks or exfiltration of data.

View the full Outbreak Alert Report

affected-products-logoAffected Applications

Control Web Panel

CVE References