129 matches found

Packet Storm
added 2023/01/31 12:0 a.m., 377 views

Control Web Panel Unauthenticated Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'CWP login.php Unauthenticated RCE', 'Description' = %q Control Web Panel versions 'Spencer McIntyre', metasploit module...

9.8 CVSS, 0.6 AI score, 0.99995 EPSS
Exploits: 12
Tenable Nessus
added 2023/01/30 12:0 a.m., 378 views

Linanto Control Web Panel (CWP) 7 < 0.9.8.1147 Command Injection (CVE-2022-44877)

The version of Linanto Control Web Panel (CWP) 7, a web based control panel application, installed on the remote host is prior to 0.9.8.1147. It is, therefore, affected by a command injection vulnerability in the login parameter of the login/index.php page. Note that Nessus has not tested for this...

9.8 CVSS, 8.8 AI score, 0.99995 EPSS
Exploits: 12, References: 2
Tenable Nessus
added 2023/01/27 12:0 a.m., 15 views

Linanto Control Web Panel (CWP) Installed (Linux)

Binary data lintanocontrolwebpanelnixinstalled.nbin...

7.3 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2023/01/23 12:0 a.m., 71 views

Control Web Panel < 0.9.8.1147 Remote Code Execution

Control Web Panel (CWP, formerly CentOS Web Panel) is a free Linux control panel software. CWP versions below 0.9.8.1147 suffer from an operating system command injection through the login GET parameter on the /login/index.php endpoint. By leveraging this vulnerability, an unauthenticated attacker...

9.8 CVSS, 10 AI score, 0.99995 EPSS
Exploits: 12, References: 3
Rapid7 Blog
added 2023/01/19 7:4 p.m., 49 views

Exploitation of Control Web Panel CVE-2022-44877

On January 3, 2023, security researcher Numan Türle published a proof-of-concept exploit for CVE-2022-44877, an unauthenticated remote code execution vulnerability in Control Web Panel (CWP, formerly known as CentOS Web Panel) that had been fixed in an October 2022 release of CWP. The vulnerability...

2.8 AI score, 0.99995 EPSS
Exploits: 12
Wiz blog
added 2023/01/17 1:17 p.m., 29 views

CVE-2022-44877, critical RCE in CentOS Control Web Panel exploited in the wild: everything you need to know

Detect and mitigate CVE-2022-44877, a CentOS Control Web Panel (CWP) unauthenticated RCE exploited in the wild. Security teams are advised to patch urgently...

9.8 CVSS, 7 AI score, 0.99995 EPSS
Exploits: 12
The Hacker News
added 2023/01/12 6:48 a.m., 2 views

Alert: Hackers Actively Exploiting Critical "Control Web Panel" RCE Vulnerability

Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel (CWP) that enables elevated privileges and unauthenticated remote code execution (RCE) on susceptible servers. Tracked as CVE-2022-44877 (CVSS score: 9.8), the bug impacts all versions of...

9.8 CVSS, 8.8 AI score, 0.99995 EPSS
Exploits: 12
The Hacker News
added 2023/01/12 6:48 a.m., 66 views

Alert: Hackers Actively Exploiting Critical "Control Web Panel" RCE Vulnerability

Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel (CWP) that enables elevated privileges and unauthenticated remote code execution (RCE) on susceptible servers. Tracked as CVE-2022-44877 (CVSS score: 9.8), the bug impacts all versions of...

9.8 CVSS, 1.6 AI score, 0.99995 EPSS
Exploits: 12
VulnCheck KEV
added 2023/01/11 12:0 a.m., 3 views

VulnCheck KEV: CVE-2022-44877

CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter...

9.8 CVSS, 7.6 AI score, 0.99995 EPSS
Exploits: 12, References: 1
OSV
added 2023/01/05 11:15 p.m., 2 views

CVE-2022-44877

login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter...

9.8 CVSS, 7.6 AI score, 0.99995 EPSS
Exploits: 12, References: 7
Vulnrichment
added 2023/01/05 12:0 a.m., 17 views

CVE-2022-44877

login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter...

9.8 AI score, 0.99995 EPSS
Exploits: 12, References: 6
Cvelist
added 2023/01/05 12:0 a.m., 24 views

CVE-2022-44877

login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter...

9.9 AI score, 0.99995 EPSS
Exploits: 12, References: 6
CVE
added 2023/01/05 12:0 a.m., 640 views

CVE-2022-44877

CVE-2022-44877 affects CentOS Web Panel / Control Web Panel (CWP) 7 prior to 0.9.8.1147. The vendor’s login/index.php component is vulnerable to OS command injection via shell metacharacters in the login parameter, enabling remote code execution. Public templates and security feeds describe it as...

9.8 CVSS, 9.6 AI score, 0.99995 EPSS
In wild, Exploits: 12, References: 7, Affected Software: 1
OSV
added 2022/12/26 5:15 a.m., 2 views

CVE-2021-45466

In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder...

9.8 CVSS, 5.8 AI score, 0.70947 EPSS
Exploits: 2, References: 2
OSV
added 2022/12/26 5:15 a.m., 6 views

CVE-2021-45467

In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/accountnewcreate&acc=guadaapi URI. Any number of %00...

9.8 CVSS, 5.9 AI score, 0.70947 EPSS
Exploits: 1, References: 2
Prion
added 2022/12/26 5:15 a.m., 36 views

Design/Logic Flaw

In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder...

7.5 CVSS, 9.2 AI score, 0.70947 EPSS
Exploits: 2, References: 2, Affected Software: 1
Cvelist
added 2022/12/26 12:0 a.m., 26 views

CVE-2021-45466

In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder...

9.5 AI score, 0.70947 EPSS
Exploits: 2, References: 2
Vulnrichment
added 2022/12/26 12:0 a.m., 8 views

CVE-2021-45466

In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder...

6.8 AI score, 0.70947 EPSS
Exploits: 2, References: 2
CVE
added 2022/12/26 12:0 a.m., 99 views

CVE-2021-45466

CVE-2021-45466: In CWP (Control Web Panel/CentOS Web Panel) before 0.9.8.1107, a crafted request to api/?api=add_server&DHCP= can cause an authorized_keys file to be written under /resources/. This is a remote, unauthenticated exploit with high impact. CVE-2021-45467: In the same platform before ...

9.8 CVSS, 9.2 AI score, 0.55338 EPSS
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2022/12/26 12:0 a.m., 99 views

CVE-2021-45467

CWP (Control Web Panel / CentOS Web Panel) is affected by CVE-2021-45467 in versions before 0.9.8.1107. The issue is an unauthenticated null-byte (%00) injection in the scripts parameter of /user/loader.php (and /user/login.php) that can be exploited to register arbitrary API keys or access sensi...

9.8 CVSS, 9.4 AI score, 0.70947 EPSS
Exploits: 1, References: 2, Affected Software: 1