The host is installed with Control/CentOS Web Panel 7 before 0.9.8.1147 and is prone to an OS command injection vulnerability. A flaw is present in the application, which fails to handle an issue in login/index.php file. Successful exploitation allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.