OS command injection vulnerability in the Core RDBMS of Control/CentOS Web Panel - CVE-2022-44877ID: oval:org.secpod.oval:def:86971 | Date: (C)2023-01-18 (M)2023-04-13 |
Class: VULNERABILITY | Family: unix |
The host is installed with Control/CentOS Web Panel 7 before 0.9.8.1147 and is prone to an OS command injection vulnerability. A flaw is present in the application, which fails to handle an issue in login/index.php file. Successful exploitation allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
Product: |
Control/CentOS Web Panel |