Warning for Linux Administrators: Attackers are actively exploiting a critical vulnerability in CWP

The vulnerability is tracked as CVE-2022-44877 and has a CVSS score of 9.8. The flaw affects all CWP versions up to 0.9.8.1147 and was fixed on October 25, 2022.

Control Web Panel (previously known as CentOS Web Panel) is a popular server administration tool for corporate Linux systems.

“The login/index.php file in CWP versions until 0.9.8.1147 allows remote attackers to execute arbitrary commands using metacharacters in the parameters of the login,” reports NIST.

The vulnerability was found by Gais Security specialist Numan Türle, and its active exploitation began on January 6, 2023, immediately after a PoC appeared online.
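
A defensive check for the flaw NIST describes above, as an added example that is not part of the original article or of CWP: it scans web access log lines for requests to login/index.php whose login parameter decodes to shell metacharacters. The combined log format, the sample lines, and the assumption that the parameter appears in the request URI (access logs do not record request bodies) are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Characters the shell treats specially; none belong in a login name.
SHELL_META = re.compile(r"[$`;|&<>(){}\\\n\r]")
# Request field of a combined-format access log line (assumed format).
REQUEST = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')

# Constructed sample lines: documentation IP ranges, CMD is a placeholder.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jan/2023:10:00:01 +0000] "POST /login/index.php?login=alice HTTP/1.1" 200 512',
    '198.51.100.7 - - [06/Jan/2023:10:00:05 +0000] "POST /login/index.php?login=%24%28CMD%29 HTTP/1.1" 302 0',
    '198.51.100.7 - - [06/Jan/2023:10:00:09 +0000] "POST /login/index.php?login=bob%2560CMD%2560 HTTP/1.1" 302 0',
    '192.0.2.11 - - [06/Jan/2023:10:00:12 +0000] "GET /index.php?login=%24%28CMD%29 HTTP/1.1" 404 0',
]


def suspicious_login(line):
    """Return the decoded login value if the line is a request to
    /login/index.php whose login parameter holds shell metacharacters,
    otherwise None."""
    m = REQUEST.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("uri"))
    if not parts.path.endswith("/login/index.php"):
        return None
    for value in parse_qs(parts.query, keep_blank_values=True).get("login", []):
        decoded = unquote_plus(value)  # second pass catches double encoding
        if SHELL_META.search(value) or SHELL_META.search(decoded):
            return decoded
    return None


def scan(lines):
    """Return (client_ip, decoded_login) for every flagged line."""
    hits = []
    for line in lines:
        value = suspicious_login(line)
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}\tlogin={value!r}")
```

A hit shows only that such a request was received; whether the server was still running a version without the October 25, 2022 fix at that time has to be checked separately.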

Media reports cited above.