All vulnerabilities
CVE-2022-44877
CWP Control Web Panel OS Command Injection Vulnerability
CWP — Control Web Panel
- Added to KEV catalog
- 17 January 2023
- Federal remediation due date
- 7 February 2023
- Weakness classification (CWE)
- CWE-78
CISA Description
CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter.
Required action
Apply updates per vendor instructions.
Notes
https://control-webpanel.com/changelog#1669855527714-450fb335-6194; https://nvd.nist.gov/vuln/detail/CVE-2022-44877
More CWP Vulnerabilities
Confirm Your Exposure
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services