PT-2022-6101 · Unknown · Control Web Panel

Numan Turle · Published 2022-10-25 · Updated 2026-04-13 · CVE-2022-44877

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Control Web Panel versions prior to 0.9.8.1147

Description

The issue is in the login/index.php component of Control Web Panel, which allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. It can be exploited by sending specially crafted HTTP requests. The vulnerability is under active exploitation and has a high severity rating.

Recommendations

For Control Web Panel versions prior to 0.9.8.1147, update to version 0.9.8.1147 or later to resolve the issue. As a temporary workaround, consider restricting access to the login/index.php component until a patch is applied. Avoid using the login parameter in the affected API endpoint until the issue is resolved.
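
For hosts that cannot be updated immediately, web access logs can be reviewed for the pattern the description names. The following is an added example, not code from this advisory or from the Control Web Panel project: it assumes combined-format access logs and that the login parameter appears in the request's query string, and the log lines and the `suspicious_logins` helper are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed access-log lines (combined log format); not taken from a real host.
SAMPLE_LOG = """\
203.0.113.5 - - [25/Oct/2022:10:00:00 +0000] "POST /login/index.php?login=alice HTTP/1.1" 200 512
203.0.113.9 - - [25/Oct/2022:10:00:07 +0000] "POST /login/index.php?login=a%3Bb HTTP/1.1" 302 0
203.0.113.9 - - [25/Oct/2022:10:00:09 +0000] "POST /login/index.php?login=%60x%60 HTTP/1.1" 302 0
198.51.100.2 - - [25/Oct/2022:10:01:00 +0000] "GET /index.php?q=a%3Bb HTTP/1.1" 200 90
"""

# Client address and request target from one combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Raw (still percent-encoded) value of the login parameter.
LOGIN_PARAM = re.compile(r'(?:^|&)login=([^&]*)')
# Characters a POSIX shell treats specially; a user name should contain none.
SHELL_META = re.compile(r'[;&|`$(){}<>\\\n\r]')


def suspicious_logins(log_text):
    """Return (client, decoded_login) for requests to login/index.php
    whose login parameter contains shell metacharacters."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a parsable request line
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/login/index.php"):
            continue  # only the component named in the advisory
        for raw in LOGIN_PARAM.findall(url.query):
            value = unquote_plus(raw)  # decode before matching
            if SHELL_META.search(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_logins(SAMPLE_LOG):
        print(f"{client} sent login={value!r}")
```

A hit indicates an attempt, not necessarily a compromise; parameters sent in a request body do not appear in access logs and need a different data source.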

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-00039
CVE-2022-44877

Affected Products

Control Web Panel