CVE-2022-44877

Description from NVD

login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.

Information Acquisition Date: 2023-01-29T11:06Z
CVSS 2.0: 0.0 None    CVSS 3.x: 9.8 CRITICAL

CVSS3 Vec: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD References

 https://gist.github.com/numanturle/c1e82c47f4cba24cff214e904c227386
     source:MISC
     tags:Exploit    Third Party Advisory    
 https://www.youtube.com/watch?v=kiLfSvc1SYY
     source:MISC
     tags:Exploit    Third Party Advisory    
 20230106 Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877
     source:FULLDISC
     tags:Exploit    Mailing List    Third Party Advisory    
 http://packetstormsecurity.com/files/170388/Control-Web-Panel-7-Remote-Code-Execution.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE Information    Exploits or more Information
mitre    EXPLOIT DATABASE
NVD    0day.today
vulmon.com    github
CVE Details    Twitter
JVN ENG JPN
Reconshell

Software Tag: PHP (1 tweet)



List of frequently cited URLs

URL    Num of Times Referred to
https://cvetrends.com    51
https://lists.astaro.com/ASGV9-IPS-rules.html#0    19
https://securityaffairs.com/140989/security/centos-web-pane...    10
https://www.cisa.gov/known-exploited-vulnerabilities-catalog    7
https://securityonline.info/cve-2022-44877-unauthenticated-...    5
https://thehackernews.com/2023/01/alert-hackers-actively-ex...    4
https://www.bleepingcomputer.com/news/security/hackers-expl...    4
http://T.ME/APTIRAN    3
http://bit.ly/3Z5q5jl    3
https://github.com/numanturle/CVE-2022-44877    3
https://opsmtrs.com/3u44jMT    3
https://twitter.com/_0xf4n9x_/status/1612068225046675457    3
https://seclists.org/fulldisclosure/2023/Jan/1    3
https://www.greynoise.io    3
https://securityboulevard.com/2023/01/control-web-panel-vul...    3
https://dashboard.shadowserver.org/statistics/honeypot/moni...    3
https://xcloud.spectrum.colortokens.com/cve/CVE-2022-44877    3

GitHub Search Results: Up to 10

Name    URL
numanturle/CVE-2022-44877    https://github.com/numanturle/CVE-2022-44877
komomon/CVE-2022-44877-RCE    https://github.com/komomon/CVE-2022-44877-RCE
Live-Hack-CVE/CVE-2022-44877    https://github.com/Live-Hack-CVE/CVE-2022-44877

2023/04/07 Score : 0
Added Har-sia Database : 2023/01/06
Last Modified : 2023/04/07
Highest Scored Date : 2023/01/06
Highest Score : 38