9.8
CVE-2022-44877
- EPSS 94.46%
- Veröffentlicht 05.01.2023 23:15:09
- Zuletzt bearbeitet 03.11.2025 18:54:56
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Loginlogin/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Control-webpanel ≫ Webpanel Version < 0.9.8.1147
17.01.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog
CWP Control Web Panel OS Command Injection Vulnerability
SchwachstelleCWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.46% | 1 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.