CVE-2022-44877 - CWP Control Web Panel OS Command Injection Vulnerability
CVE-2022-44877
CWP | Control Web Panel
- Date Added:
- 2023-01-17
- Due Date:
- 2023-02-07
- Vulnerability Name
CWP Control Web Panel OS Command Injection Vulnerability
- Description
CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter.
- Known To Be Used in Ransomware Campaigns?
Unknown
- Action
Apply updates per vendor instructions.
- Additional Notes
- https://control-webpanel.com/changelog#1669855527714-450fb335-6194; https://nvd.nist.gov/vuln/detail/CVE-2022-44877
- Related News Articles
Free online web security scanner