Vulnerability CVE-2022-44877


Published: 2023-01-05   Modified: 2023-01-06

Description:
RESERVED An issue in the /login/index.php component of Centos Web Panel 7 before v0.9.8.1147 allows unauthenticated attackers to execute arbitrary system commands via crafted HTTP requests.

See advisories in our WLB2 database:
Topic
Author
Date
High
Control Web Panel 7 Remote Code Execution
numan turle
09.01.2023
High
Control Web Panel Unauthenticated Remote Command Execution
Spencer McIntyre
02.02.2023

Type:

CWE-78

(Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

 References:
https://gist.github.com/numanturle/c1e82c47f4cba24cff214e904c227386
https://www.youtube.com/watch?v=kiLfSvc1SYY

Copyright 2024, cxsecurity.com

 

Back to Top