login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 prior to 0.9.8.1147 allows remote malicious users to execute arbitrary OS commands via shell metacharacters in the login parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
control-webpanel webpanel |
CRYSTALRAY hacker expands to 1,500 breached systems using SSH-Snake tool By Bill Toulas July 11, 2024 11:09 AM 0 Image: Midjourney A new threat actor known as CRYSTALRAY has significantly broadened its targeting scope with new tactics and exploits, now counting over 1,500 victims whose credentials were stolen and cryptominers deployed. This is being reported by researchers at Sysdig, who have tracked the threat actor since February, when they first reported their use of the SSH-Snake open-source...