CVE-2022-44877

unknown KEV

Published 2023-01-17 · Modified 2023-01-17

CVSS v3

—

CVSS v2

—

VIR risk

1.5

Description

CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter.

CISA KEV

Vendor: CWP
Product: Control Web Panel
Due date: 2023-02-07

Predictions

Exploit likelihood

99%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://control-webpanel.com/changelog#1669855527714-450fb335-6194; https://nvd.nist.gov/vuln/detail/CVE-2022-44877

Exploits

References

https://control-webpanel.com/changelog#1669855527714-450fb335-6194; https://nvd.nist.gov/vuln/detail/CVE-2022-44877

Verify integrity in audit chain (admin only). AS-IS.