CVE-2022-44877
CWP Control Web Panel OS Command Injection Vulnerability
CVSS
—
No CVSS
EPSS
100.0%
p100
KEV
YES
Jan 17, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
100.0%EPSS · 30 days100.0%
2026-06-302026-07-16
Product
CWP / Control Web Panel
Vulnerability
CWP Control Web Panel OS Command Injection Vulnerability
Added to KEV
Jan 17, 2023
Remediate by
Feb 7, 2023
Known ransomware use
No
Summary description
CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter.
Required action
Apply updates per vendor instructions.
Notes
https://control-webpanel.com/changelog#1669855527714-450fb335-6194; https://nvd.nist.gov/vuln/detail/CVE-2022-44877
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-48703—99.9%
KEV—80CWP Control Web Panel OS Command Injection Vulnerability—