Security News > 2023 > January > Alert: Hackers Actively Exploiting Critical "Control Web Panel" RCE Vulnerability
Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel that enables elevated privileges and unauthenticated remote code execution on susceptible servers.
Control Web Panel, formerly known as CentOS Web Panel, is a popular server administration tool for enterprise-based Linux systems.
"Login/index.php in CWP 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter," according to NIST. Gais Security researcher Numan Turle has been credited with discovering and reporting the flaw to the Control Web Panel.
"This is an unauthenticated RCE," Shadowserver said in a series of tweets, adding, "Exploitation is trivial."
GreyNoise said that it has observed four unique IP addresses attempting to exploit CVE-2022-44877 to date, two of which are located in the U.S. and one each from the Netherlands and Thailand.
This is not the first time similar flaws have been discovered in CWP. In January 2022, two critical issues were identified in the hosting panel that could have been weaponized to achieve pre-authenticated remote code execution.
News URL
https://thehackernews.com/2023/01/alert-hackers-actively-exploiting.html
Related news
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- Critical FortiSwitch flaw lets hackers change admin passwords remotely (source)
- Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence (source)
- Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework (source)
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-05 | CVE-2022-44877 | OS Command Injection vulnerability in Control-Webpanel Webpanel login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. | 9.8 |