Control-Webpanel: >> Webpanel >> 0.9.8.1126 Security Vulnerabilities
CVE-2022-44877
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2023-01-05
The password reset token in CWP v0.9.8.1126 is generated using known or predictable values.
CVSS Score
5.9
EPSS Score
0.001
Published
2022-07-07
Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user.
CVSS Score
8.8
EPSS Score
0.382
Published
2022-07-07