Exploit for #VU71411 OS Command Injection in CWP Panel

Published: 2023-01-22 | Updated: 2024-10-25

Vulnerability identifier: #VU71411

Vulnerability risk: Critical

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2022-44877

CWE-ID: CWE-78

Exploitation vector: Network

Exploits in database: 7

October 25, 2024
- Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE) [Exploit-DB]
- Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE) [Exploit-DB]
December 13, 2023
- CVE-2022-44877-RCE (CVE-2022-44877 Centos Web Panel 7 Unauthenticated Remote Code Execution) [Github]
March 10, 2023
- CVE-2022-44877-white-box (Red Team utilities for setting up CWP CentOS 7 payload & reverse shell (Red Team 9 - CW2023)) [Github]
February 13, 2023
- CVE-2022-44877 (Bash Script for Checking Command Injection Vulnerability on CentOS Web Panel [CWP] (CVE-2022-44877)) [Github]
January 31, 2023
- CWP login.php Unauthenticated RCE [Metasploit]
January 22, 2023
- CVE-2022-44877 () [Github]

Vulnerable software:
CWP Panel
Other software / Other software solutions

Vendor: CWP - Control Web Panel