Cyber Resilience

CVE-2022-44877

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · RCE

Published: 05 January 2023

Modified: 03 November 2025
KEV Added: 17 January 2023
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9446 (100.0th percentile)
Risk Priority: 96 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-44877 is a critical-severity OS Command Injection (CWE-78) vulnerability in Control-Webpanel Webpanel. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 0.0% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2022-44877 is a command injection vulnerability in the login/index.php endpoint of Control Web Panel (CWP, also known as CentOS Web Panel) version 7 prior to 0.9.8.1147. The flaw, tracked as CWE-78, permits unsanitized shell metacharacters supplied in the login parameter to be passed to operating system commands, and carries a CVSS 3.1 base score of 9.8 reflecting network-accessible, unauthenticated exploitation with high impact on confidentiality, integrity, and availability.

Unauthenticated remote attackers can submit crafted POST requests to the affected login page and obtain arbitrary operating-system command execution on the underlying server. Successful exploitation grants attackers the ability to run any command permitted by the web-server process privileges, typically resulting in full system compromise without requiring prior authentication or user interaction.

Public exploit code and technical write-ups have been posted to Packet Storm, Full Disclosure, and GitHub, confirming that working remote-code-execution payloads are readily available. The CVE’s EPSS score has reached a peak of 0.9751 and currently stands at 0.9446, indicating sustained and substantial exploitation interest since disclosure.

Vulnerability details

login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.

CWE(s): CWE-78
KEV Date Added: 17 January 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

control-webpanel · webpanel · ≤ 0.9.8.1147

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly blocks shell metacharacters in the unauthenticated login parameter before OS command execution can occur.

Prevent: Requires prompt application of the vendor patch that eliminates the command-injection flaw in login/index.php.

Detect: Enables monitoring of web-server processes and command execution to identify exploitation attempts against the vulnerable endpoint.
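
The controls above depend on recognising shell metacharacters in the login parameter of login/index.php. The following Python is an added example, not part of the original page or of CWP, that scans web access-log lines for that pattern. The combined log format, the parameter being visible in the logged request URI, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Characters a POSIX shell interprets; a legitimate user name needs none of them.
SHELL_META = re.compile(r"""[$`;|&<>(){}\\'"\n\r]""")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')

def login_values(uri):
    """Return the fully decoded `login` values sent to login/index.php."""
    parts = urlsplit(uri)
    if not parts.path.endswith("/login/index.php"):
        return []
    values = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key != "login":
            continue
        for _ in range(3):  # peel off repeated percent-encoding
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        values.append(value)
    return values

def suspicious_lines(lines):
    """Return (line number, client address, decoded value) for each hit."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        for value in login_values(match.group("uri")):
            if SHELL_META.search(value):
                hits.append((number, line.split()[0], value))
    return hits

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2023:10:00:01 +0000] "POST /login/index.php?login=alice HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Jan/2023:10:00:05 +0000] "POST /login/index.php?login=%24%28id%29 HTTP/1.1" 302 0',
    '203.0.113.9 - - [10/Jan/2023:10:00:06 +0000] "POST /login/index.php?login=%2524%2528id%2529 HTTP/1.1" 302 0',
    '198.51.100.7 - - [10/Jan/2023:10:00:09 +0000] "GET /index.php?login=%24%28id%29 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in suspicious_lines(SAMPLE_LOG):
        print(hit)
```

A login value sent only in the request body does not reach the access log, so this check complements the process and command-execution monitoring rather than replacing it.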