Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Control Web Panel RCE Threat Advisory: CVE-2022-44877 Critical Risk

11.Locks IsometricPattern Esm H446

Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel (CWP) that enables elevated privileges and unauthenticated remote code execution (RCE) on susceptible servers.

Tracked as CVE-2022-44877 (CVSS score: 9.8), the bug impacts all versions of the software before 0.9.8.1147 and was patched by its maintainers on October 25, 2022.

Control Web Panel, formerly known as CentOS Web Panel, is a popular server administration tool for enterprise-based Linux systems.

"login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter," according to NIST.

The link for this article located at The Hacker News is no longer available.

Your message here
Your message here