CVE-2022-44877

login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.

Attack Vector (AV)	Network	Adjacent	Local	Physical
Attack Complexity (AC)	LOW	High
Privileges Required (PR)	None	Low	High
User Interaction (UI)	None	Required
Scope (S)	Unchange	Change
Confidentiality (C)	None	Low	High
Integrity (I)	None	Low	High
Availability (A)	None	Low	High

NVD References

Refer to Information on External Sites

CVE Infomation	Exploits or more Infomation
mitre	EXPLOIT DATABASE
NVD	0day.today
vulmon.com	github
CVE Details	Twitter
JVN ENG JPN
Reconshell

List of frequently cited URLs

URL	Num of Times Referred to
https://cvetrends.com	51
https://lists.astaro.com/ASGV9-IPS-rules.html#0	19
https://securityaffairs.com/140989/security/centos-web-pane...	10
https://www.cisa.gov/known-exploited-vulnerabilities-catalog	7
https://securityonline.info/cve-2022-44877-unauthenticated-...	5
https://thehackernews.com/2023/01/alert-hackers-actively-ex...	4
https://www.bleepingcomputer.com/news/security/hackers-expl...	4
http://T.ME/APTIRAN	3
http://bit.ly/3Z5q5jl	3
https://github.com/numanturle/CVE-2022-44877	3
https://opsmtrs.com/3u44jMT	3
https://twitter.com/_0xf4n9x_/status/1612068225046675457	3
https://seclists.org/fulldisclosure/2023/Jan/1	3
https://www.greynoise.io	3
https://securityboulevard.com/2023/01/control-web-panel-vul...	3
https://dashboard.shadowserver.org/statistics/honeypot/moni...	3
https://xcloud.spectrum.colortokens.com/cve/CVE-2022-44877	3

User	URL	Info Source	Date
techadversary	https://www.reddit.com/r/netsec/comments/10454f0/centos_web...	Source techadversary 1628201538803105793	2023/02/22
WolfgangSesin	http://www.sesin.at	Source WolfgangSesin 1628413141653618692	2023/02/23
WolfgangSesin	https://www.sesin.at/2023/02/22/cve-2022-44877-webpanel	Source WolfgangSesin 1628413141653618692	2023/02/23
www_sesin_at	http://www.sesin.at	Source www_sesin_at 1628413143981359108	2023/02/23
www_sesin_at	https://www.sesin.at/2023/02/22/cve-2022-44877-webpanel	Source www_sesin_at 1628413143981359108	2023/02/23
mhz_cyber	https://www.vicarius.io/vsociety/blog/unauthenticated-rce-i...	Source mhz_cyber 1640614299172237313	2023/03/28
mhz_cyber	https://vicarius.io/vsociety/blog/unauthenticated-rce-in-ce...	Source mhz_cyber 1640614590672142336	2023/03/28
mhz_cyber	https://vicarius.io/vsociety/blog/unauthenticated-rce-in-ce...	Source mhz_cyber 1640614708829888513	2023/03/28
zoomeye_team	https://www.zoomeye.org/searchResult?q=%22Set-Cookie%5C%3A%...	Source zoomeye_team 1643159881841790977	2023/04/04
zoomeye_team	https://twitter.com/zoomeye_team/status/1643159881841790977...	Source zoomeye_team 1643159881841790977	2023/04/04
threatintelctr	https://nvd.nist.gov/vuln/detail/CVE-2022-44877	Source threatintelctr 1644028931723370525	2023/04/07

User	URL	Info Source
techadversary	reddit.com	Show Tweet
WolfgangSesin	sesin.at	Show Tweet
WolfgangSesin	sesin.at	Show Tweet
www_sesin_at	sesin.at	Show Tweet
www_sesin_at	sesin.at	Show Tweet
mhz_cyber	vicarius.io	Show Tweet
mhz_cyber	vicarius.io	Show Tweet
mhz_cyber	vicarius.io	Show Tweet
zoomeye_team	zoomeye.org	Show Tweet
zoomeye_team	twitter.com	Show Tweet
threatintelctr	nvd.nist.gov	Show Tweet

Name	URL
numanturle/CVE-2022-44877	https://github.com/numanturle/CVE-2022-44877
komomon/CVE-2022-44877-RCE	https://github.com/komomon/CVE-2022-44877-RCE
Live-Hack-CVE/CVE-2022-44877	https://github.com/Live-Hack-CVE/CVE-2022-44877

CVE-2022-44877

Description from NVD

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD References

Refer to Information on External Sites

▼ Show Information from Twitter(11)

▼ Show Information from Twitter(11)

URL	Num of Times Referred to
cvetrends.com	51
lists.astaro.com	19
securityaffairs.com	10
www.cisa.gov	7
securityonline.info	5
thehackernews.com	4
www.bleepingcomputer.com	4
T.ME	3
bit.ly	3
github.com	3
opsmtrs.com	3
twitter.com	3
seclists.org	3
www.greynoise.io	3
securityboulevard.com	3
dashboard.shadowserver.org	3
xcloud.spectrum.colortokens.com	3