all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Critical Vulnerability in Control Web Panel Exploited in the Wild

Add to bookmarks
Jan. 30, 2023, 12:36 p.m. |

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

FortiGuard Labs is aware of a report that a patched but critical vulnerability in Control Web Panel (CWP) is being exploited in the wild. The vulnerability (CVE-2022-44877) is a command injection vulnerability that allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. Proof-of-concept code is reportedly available.Control Web Panel (formerly CentOS web panel) is a server administration user interface used to manage Linux systems.Why is this Significant?This is significant because a critical vulnerability in …

attackers aware centos centos web panel code command command injection concept control control web panel critical critical vulnerability cve cve-2022-44877 exploited injection labs linux login manage panel parameter proof-of-concept report server shell systems user interface vulnerability web

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report

Check Point Quantum Security Gateways Information Disclosure Vulnerability (CVE-2024-24919) 1 day, 12 hours ago | fortiguard.fortinet.com
NextGen Healthcare Mirth Connect RCE (CVE-2023-43208, CVE-2023-37679) 5 days, 10 hours ago | fortiguard.fortinet.com
code code execution command command injection +29
Genesis Market Malware Attack 1 week, 3 days ago | fortiguard.fortinet.com
attack campaign counterfeit dismantled +26
Google Chromium in Visuals Use-After-Free Vulnerability (CVE-2024-4671) 2 weeks, 5 days ago | fortiguard.fortinet.com
browser can chrome chromium +15
GitLab Password Reset Vulnerability (CVE-2023-7028) 3 weeks, 1 day ago | fortiguard.fortinet.com
account administrator attacker cisa +23
Tinyproxy use-after-free Vulnerability (CVE-2023-49606) 3 weeks, 3 days ago | fortiguard.fortinet.com
actor arbitrary code can code +21
ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) 3 weeks, 5 days ago | fortiguard.fortinet.com
access advisory application attackers +29
Ignite Realtime Openfire Path Traversal Vulnerability (CVE-2023-32315) 1 month ago | fortiguard.fortinet.com
CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040) 1 month ago | fortiguard.fortinet.com
attackers attacks cisa cisa known exploited vulnerabilities +27

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com