Unknown · Control Web Panel · CVE-2022-44877
**Name of the Vulnerable Software and Affected Versions**
Control Web Panel versions prior to 0.9.8.1147
**Description**
The issue is in the `login/index.php` component of Control Web Panel, which allows remote attackers to execute arbitrary OS commands via shell metacharacters in the `login` parameter. This can be exploited by sending specially crafted HTTP requests. The vulnerability is under active exploitation and has a high severity rating.
**Recommendations**
For Control Web Panel versions prior to 0.9.8.1147, update to version 0.9.8.1147 or later to resolve the issue.
As a temporary workaround, consider restricting access to the login/index.php component until a patch is applied.
Avoid using the `login` parameter in the affected API endpoint until the issue is resolved.