CVE-2022-44877

Description

login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.

NVD
Severity: CRITICAL
CVE ID: CVE-2022-44877
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2022-44877
numanturle

Reference: GitHub

komomon

CVE-2022-44877 Centos Web Panel 7 Unauthenticated Remote Code Execution

Reference: GitHub

ColdFusionX

Control Web Panel 7 (CWP7) Remote Code Execution (RCE) (CVE-2022-44877) (Unauthenticated)

Reference: GitHub

Chocapikk

Bash Script for Checking Command Injection Vulnerability on CentOS Web Panel [CWP] (CVE-2022-44877)

Reference: GitHub

hotpotcookie

Red Team utilities for setting up CWP CentOS 7 payload & reverse shell (Red Team 9 - CW2023)

Reference: GitHub

RicYaben

Reference: GitHub

dkstar11q

Bash Script for Checking Command Injection Vulnerability on CentOS Web Panel [CWP] (CVE-2022-44877)

Reference: GitHub

rhymsc

Reference: GitHub

G01d3nW01f

Reference: GitHub