Cybersecurity Alerts

CWP Control Web Panel OS Command Injection Vulnerability

CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-78

References

• https://control-webpanel.com/changelog#1669855527714-450fb335-6194
• https://nvd.nist.gov/vuln/detail/CVE-2022-44877