CVSSv3: 9.8

CVE-2022-44877

Published: 05/01/2023 Updated: 21/11/2024

Vulnerability Summary

login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 prior to 0.9.8.1147 allows remote malicious users to execute arbitrary OS commands via shell metacharacters in the login parameter.

Vulnerability Trend

Vulnerable Products

control-webpanel webpanel

Vendor Advisories

Check Point Reference: CPAI-2022-1130. Date Published: 18 Jan 2023. Severity: Critical ...

Exploits

Control Web Panel versions prior to 0.9.8.1147 are vulnerable to unauthenticated OS command injection. Successful exploitation results in code execution as the root user. The results of the command are not contained within the HTTP response and the request will block while the command is running ...
Control Web Panel 7 versions prior to 0.9.8.1147 suffer from an unauthenticated remote code execution vulnerability ...

Github Repositories

Bash Script for Checking Command Injection Vulnerability on CentOS Web Panel [CWP] (CVE-2022-44877)

CVE-2022-44877 Overview: This bash script is used to test the vulnerability of web servers to CVE-2022-44877. The script performs a curl request to a target URL with a payload encoded in base64. If the target is vulnerable to the CVE-2022-44877 vulnerability, the elapsed time of the curl request will be greater than 35 seconds. Installation: sudo apt-get update sudo apt-get inst

CVE-2022-44877 Centos Web Panel 7 Unauthenticated Remote Code Execution

Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877. Vulnerability description: RESERVED. An issue in the /login/index.php component of Centos Web Panel 7 before v0.9.8.1147 allows unauthenticated attackers to execute arbitrary system commands via crafted HTTP requests. Version affected: Centos Web Panel 7 - < 0.9.8.1147. Vulnerability demonstration: [+] C

Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877
[+] Centos Web Panel 7 Unauthenticated Remote Code Execution
[+] Centos Web Panel 7 - < 0.9.8.1147
[+] Affected Component: ip:2031/login/index.php?login=$(whoami)
[+] Discoverer: Numan Türle @ Gais Cyber Security
[+] Vendor: centos-webpanel.com/ - control-webpanel.com/changelog#

Use go-exploit module:
# when module mode off
go get github.com/vulncheck-oss/go-exploit
# when module mode on
go mod init example.com/myapp
go get github.com/vulncheck-oss/go-exploit
Build:
go build -o cve-2022-44877 main.go

Control Web Panel 7 (CWP7) Remote Code Execution (RCE) (CVE-2022-44877) (Unauthenticated)

CVE-2022-44877-CWP7: Control Web Panel 7 (CWP7) Remote Code Execution (RCE) (CVE-2022-44877) (Unauthenticated). Repository will get updated with POC soon.

Recent Articles

CRYSTALRAY hacker expands to 1,500 breached systems using SSH-Snake tool
BleepingComputer • Bill Toulas • 11 Jul 2024

A new threat actor known as CRYSTALRAY has significantly broadened its targeting scope with new tactics and exploits, now counting over 1,500 victims whose credentials were stolen and cryptominers deployed. This is being reported by researchers at Sysdig, who have tracked the threat actor since February, when they first reported their use of the SSH-Snake open-source...