logo

CVE-2022-44877 - CWP Control Web Panel OS Command Injection Vulnerability

CVE-2022-44877

CWP | Control Web Panel

  • Date Added:
  • 2023-01-17
  • Due Date:
  • 2023-02-07
Vulnerability Name

CWP Control Web Panel OS Command Injection Vulnerability

Description

CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes
https://control-webpanel.com/changelog#1669855527714-450fb335-6194; https://nvd.nist.gov/vuln/detail/CVE-2022-44877
Related News Articles

Free online web security scanner