Vulnerability Details CVE-2022-44877
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.944
EPSS Ranking 100.0%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/170388/Control-Web-Panel-7-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/170820/Control-Web-Panel-Unauthenticated-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/171725/Control-Web-Panel-7-CWP7-0.9.8.1147-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2023/Jan/1
- https://gist.github.com/numanturle/c1e82c47f4cba24cff214e904c227386
- https://www.youtube.com/watch?v=kiLfSvc1SYY
- http://packetstormsecurity.com/files/170388/Control-Web-Panel-7-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/170820/Control-Web-Panel-Unauthenticated-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/171725/Control-Web-Panel-7-CWP7-0.9.8.1147-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2023/Jan/1
- https://gist.github.com/numanturle/c1e82c47f4cba24cff214e904c227386
- https://www.youtube.com/watch?v=kiLfSvc1SYY
Products affected by CVE-2022-44877
-
cpe:2.3:a:control-webpanel:webpanel:-
-
cpe:2.3:a:control-webpanel:webpanel:0.1
-
cpe:2.3:a:control-webpanel:webpanel:0.2
-
cpe:2.3:a:control-webpanel:webpanel:0.3
-
cpe:2.3:a:control-webpanel:webpanel:0.4
-
cpe:2.3:a:control-webpanel:webpanel:0.5
-
cpe:2.3:a:control-webpanel:webpanel:0.6
-
cpe:2.3:a:control-webpanel:webpanel:0.7
-
cpe:2.3:a:control-webpanel:webpanel:0.8
-
cpe:2.3:a:control-webpanel:webpanel:0.9
-
cpe:2.3:a:control-webpanel:webpanel:0.9.1
-
cpe:2.3:a:control-webpanel:webpanel:0.9.2
-
cpe:2.3:a:control-webpanel:webpanel:0.9.3
-
cpe:2.3:a:control-webpanel:webpanel:0.9.4
-
cpe:2.3:a:control-webpanel:webpanel:0.9.5
-
cpe:2.3:a:control-webpanel:webpanel:0.9.6
-
cpe:2.3:a:control-webpanel:webpanel:0.9.7
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.10
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1051
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1053
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1054
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1055
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1057
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1058
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1059
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1060
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1061
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1062
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1063
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1064
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1065
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1066
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1067
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1068
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1069
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1070
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1071
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1072
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1073
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1075
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1078
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1079
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1081
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1082
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1083
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1084
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1085
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1087
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1088
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1089
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1091
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1094
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1096
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1097
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1098
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1099
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.11
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1100
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1101
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1103
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1104
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1107
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1108
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1113
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1117
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1118
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1119
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1120
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1122
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1124
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1126
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1127
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1128
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1129
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1130
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1131
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1132
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1133
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1135
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1136
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1137
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1138
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1139
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1140
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1141
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1142
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1143
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1144
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1145
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.1146
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.12
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.127
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.13
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.14
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.150
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.151
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.152
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.17
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.183
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.184
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.196
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.197
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.2
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.20
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.226
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.237
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.238
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.239
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.240
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.247
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.248
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.249
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.250
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.265
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.266
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.273
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.277
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.290
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.291
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.3
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.314
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.315
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.333
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.334
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.359
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.4
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.448
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.48
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.480
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.5
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.6
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.651
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.7
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.740
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.747
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.748
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.753
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.763
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.789
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.793
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.8
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.807
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.836
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.837
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.840
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.846
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.848
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.851
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.855
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.856
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.864
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.891
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.9
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.923
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.956
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.957
-
cpe:2.3:a:control-webpanel:webpanel:0.9.8.994