CVE-2022-44877

login/index.php in CWP aka Control Web Panel or CentOS Web Panel 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter...

CVE-2025-44877

Tenda AC9 V15.03.06.42multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

Control Web Panel 7 (CWP7) 0.9.8.1147 Remote Code Execution

// Exploit Title: Control Web Panel 7 CWP7 v0.9.8.1147 - Remote Code Execution RCE // Date: 2023-02-02 // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://centos-webpanel.com/ // Affected Versions: version 0.9.8.1147 // Tested on: Kali Linux // CVE : CVE-2022-44877 // Github POC:...

Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)

// Exploit Title: Control Web Panel 7 CWP7 v0.9.8.1147 - Remote Code Execution RCE // Date: 2023-02-02 // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://centos-webpanel.com/ // Affected Versions: version 0.9.8.1147 // Tested on: Kali Linux // CVE : CVE-2022-44877 // Github POC:...

Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution Exploit

// Exploit Title: Control Web Panel 7 CWP7 v0.9.8.1147 - Remote Code Execution RCE // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://centos-webpanel.com/ // Affected Versions: version 0.9.8.1147 // Tested on: Kali Linux // CVE : CVE-2022-44877 // Github POC:...

Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution Vulnerability

Exploit Title: Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution RCE + Centos Web Panel 7 - 0.9.8.1147 + Affected Component ip:2031/login/index.php?login=$whoami + Discoverer: Numan Türle @ Gais Cyber Security + Author: Numan Türle + Vendor: https://centos-webpanel.com/ -...

Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE)

Exploit Title: Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution RCE + Centos Web Panel 7 - 0.9.8.1147 + Affected Component ip:2031/login/index.php?login=$whoami + Discoverer: Numan Türle @ Gais Cyber Security + Author: Numan Türle + Vendor: https://centos-webpanel.com/ -...

Metasploit Weekly Wrap-Up

Metasploit 6.3 is out! Earlier this week we announced the release of Metasploit 6.3 which came with a tonne of new modules and improvements. The whole team worked super hard on this and we're very excited that everyone can now get their hands on it and all of the new features it has to offer! I...

CWP login.php Unauthenticated RCE

Control Web Panel versions use exploit/linux/http/controlwebpanellogincmdexec msf exploitcontrolwebpanellogincmdexec show targets ...targets... msf exploitcontrolwebpanellogincmdexec set TARGET msf exploitcontrolwebpanellogincmdexec show options ...show and set options... msf...

Control Web Panel Unauthenticated Remote Command Execution Exploit

Control Web Panel versions prior to 0.9.8.1147 are vulnerable to unauthenticated OS command injection. Successful exploitation results in code execution as the root user. The results of the command are not contained within the HTTP response and the request will block while the command is running...

Control Web Panel Unauthenticated Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'CWP login.php Unauthenticated RCE', 'Description' = %q Control Web Panel versions 'Spencer McIntyre', metasploit module...

Linanto Control Web Panel (CWP) 7 < 0.9.8.1147 Command Injection (CVE-2022-44877)

The version of Linanto Control Web Panel CWP 7, a web based control panel application, installed on the remote host is prior to 0.9.8.1147. It is, therefore, affected by a command injection vulnerability in the login parameter of the login/index.php page. Note that Nessus has not tested for this...

Exploitation of Control Web Panel CVE-2022-44877

On January 3, 2023, security researcher Numan Türle published a proof-of-concept exploit for CVE-2022-44877, an unauthenticated remote code execution vulnerability in Control Web Panel CWP, formerly known as CentOS Web Panel that had been fixed in an October 2022 release of CWP. The vulnerability...

CVE-2022-44877, critical RCE in CentOS Control Web Panel exploited in the wild: everything you need to know

Detect and mitigate CVE-2022-44877, a CentOS Control Web Panel CWP unauthenticated RCE exploited in the wild. Security teams are advised to patch urgently...

Alert: Hackers Actively Exploiting Critical "Control Web Panel" RCE Vulnerability

Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel CWP that enables elevated privileges and unauthenticated remote code execution RCE on susceptible servers. Tracked as CVE-2022-44877 CVSS score: 9.8, the bug impacts all versions of...

Control Web Panel 7 Remote Code Execution Vulnerability

Centos Web Panel 7 Unauthenticated Remote Code Execution + Centos Web Panel 7 - 0.9.8.1147 + Affected Component ip:2031/login/index.php?login=$whoami + Discoverer: Numan Türle @ Gais Cyber Security + Vendor: https://centos-webpanel.com/ -...

Control Web Panel 7 Remote Code Execution

Centos Web Panel 7 Unauthenticated Remote Code Execution + Centos Web Panel 7 - 0.9.8.1147 + Affected Component ip:2031/login/index.php?login=$whoami + Discoverer: Numan Türle @ Gais Cyber Security + Vendor: https://centos-webpanel.com/ -...

CVE-2022-44877

login/index.php in CWP aka Control Web Panel or CentOS Web Panel 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter...

CVE-2022-44877

login/index.php in CWP aka Control Web Panel or CentOS Web Panel 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter...

CVE-2022-44877

creationtimestamp| type| source ---|---|--- 2023-01-05 19:40:32+00:00| published-proof-of-concept| https://t.me/thebugbountyhunter/6905 2023-01-06 02:19:20+00:00| seen| https://t.me/cibsecurity/56025 2023-01-06 08:11:28+00:00| published-proof-of-concept| https://t.me/proxybar/1261 2023-01-07...