CVE-2022-44877
Description
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
Severity: CRITICAL
CVE ID: CVE-2022-44877
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2022-44877
Reference: Project Discovery GitHub
numanturle
Reference: GitHub
komomon
CVE-2022-44877 Centos Web Panel 7 Unauthenticated Remote Code Execution
Reference: GitHub
ColdFusionX
Control Web Panel 7 (CWP7) Remote Code Execution (RCE) (CVE-2022-44877) (Unauthenticated)
Reference: GitHub
Chocapikk
Bash Script for Checking Command Injection Vulnerability on CentOS Web Panel [CWP] (CVE-2022-44877)
Reference: GitHub
hotpotcookie
Red Team utilities for setting up CWP CentOS 7 payload & reverse shell (Red Team 9 - CW2023)
Reference: GitHub
RicYaben
Reference: GitHub
dkstar11q
Bash Script for Checking Command Injection Vulnerability on CentOS Web Panel [CWP] (CVE-2022-44877)
Reference: GitHub
rhymsc
Reference: GitHub
G01d3nW01f
Reference: GitHub