CVE-2022-44877

Description from NVD

login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.

Information Acquisition Date: 2023-01-29T11:06Z
CVSS 2.0: 0.0 None
CVSS 3.x: 9.8 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD References

 https://gist.github.com/numanturle/c1e82c47f4cba24cff214e904c227386
     source:MISC
     tags:Exploit    Third Party Advisory    
 https://www.youtube.com/watch?v=kiLfSvc1SYY
     source:MISC
     tags:Exploit    Third Party Advisory    
 20230106 Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877
     source:FULLDISC
     tags:Exploit    Mailing List    Third Party Advisory    
 http://packetstormsecurity.com/files/170388/Control-Web-Panel-7-Remote-Code-Execution.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    

This vulnerability may involve a PoC.


Software Tag: Android(3 tweets) Chrome(1 tweets) Exchange(1 tweets) Linux(2 tweets) PHP(28 tweets) iOS(1 tweets)



List of frequently cited URLs

URL | Num of Times Referred to
https://cvetrends.com | 52
https://github.com/numanturle/CVE-2022-44877 | 17
https://securityaffairs.com/140989/security/centos-web-pane... | 10
https://www.cisa.gov/known-exploited-vulnerabilities-catalog | 6
https://thehackernews.com/2023/01/alert-hackers-actively-ex... | 5
https://securityonline.info/cve-2022-44877-unauthenticated-... | 5
https://xcloud.spectrum.colortokens.com/cve/CVE-2022-44877 | 5
https://opsmtrs.com/3u44jMT | 4
https://twitter.com/_0xf4n9x_/status/1612068225046675457 | 4
https://lists.astaro.com/ASGV9-IPS-rules.html#0 | 4
https://www.bleepingcomputer.com/news/security/hackers-expl... | 4
http://T.ME/APTIRAN | 3
https://seclists.org/fulldisclosure/2023/Jan/1 | 3
https://securityboulevard.com/2023/01/control-web-panel-vul... | 3
https://dashboard.shadowserver.org/statistics/honeypot/moni... | 3

GitHub Search Results: Up to 10
Name | URL
numanturle/CVE-2022-44877 | https://github.com/numanturle/CVE-2022-44877
komomon/CVE-2022-44877-RCE | https://github.com/komomon/CVE-2022-44877-RCE
Live-Hack-CVE/CVE-2022-44877 | https://github.com/Live-Hack-CVE/CVE-2022-44877

2023/02/03 Score : 0
Added Har-sia Database : 2023/01/06
Last Modified : 2023/02/03
Highest Scored Date : 2023/01/06
Highest Score : 38