login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
Attack Vector (AV) | Network | Adjacent | Local | Physical |
---|---|---|---|---|
Attack Complexity (AC) | LOW | High | ||
Privileges Required (PR) | None | Low | High | |
User Interaction (UI) | None | Required | ||
Scope (S) | Unchange | Change | ||
Confidentiality (C) | None | Low | High | |
Integrity (I) | None | Low | High | |
Availability (A) | None | Low | High |
CVE Infomation | Exploits or more Infomation |
---|---|
mitre | EXPLOIT DATABASE |
NVD | 0day.today |
vulmon.com | github |
CVE Details | |
JVN ENG JPN | |
Reconshell |
Software Tag: Android(3 tweets) Chrome(1 tweets) Exchange(1 tweets) Linux(2 tweets) PHP(28 tweets) iOS(1 tweets)
List of frequently cited URLs
List of frequently cited URLs
Name | URL |
---|---|
numanturle/CVE-2022-44877 | https://github.com/numanturle/CVE-2022-44877 |
komomon/CVE-2022-44877-RCE | https://github.com/komomon/CVE-2022-44877-RCE |
Live-Hack-CVE/CVE-2022-44877 | https://github.com/Live-Hack-CVE/CVE-2022-44877 |
Name | URL |
---|---|
numanturle/CVE-2022-44877 | github.com |
komomon/CVE-2022-44877-RCE | github.com |
Live-Hack-CVE/CVE-2022-44877 | github.com |