CVE-2022-44877 - CWP Control Web Panel OS Command Injection Vulnerability
Project:CWP
Product:Control Web Panel
Date Added:2023-01-17Due Date:2023-02-07
Vulnerability Name
CWP Control Web Panel OS Command Injection Vulnerability
Description
CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://control-webpanel.com/changelog#1669855527714-450fb335-6194
https://nvd.nist.gov/vuln/detail/CVE-2022-44877
Related News Articles
CRYSTALRAY hacker expands to 1,500 breached systems using SSH-Snake toolJuly 11, 2024