Skip to main content
All vulnerabilities
CVE-2022-44877

CWP Control Web Panel OS Command Injection Vulnerability

CWPControl Web Panel

Added to KEV catalog
17 January 2023
Federal remediation due date
7 February 2023
Weakness classification (CWE)
CWE-78

CISA Description

CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter.

Required action

Apply updates per vendor instructions.

Notes

https://control-webpanel.com/changelog#1669855527714-450fb335-6194; https://nvd.nist.gov/vuln/detail/CVE-2022-44877

Confirm Your Exposure

Is this vulnerability present in your environment?

CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.

Explore VAPT Services