Hackers exploit Control Web Panel flaw to open reverse shells

Hackers are actively exploiting a critical vulnerability patched recently in Control Web Panel (CWP), a tool for managing servers formerly known as CentOS Web Panel.

The security issue is identified as CVE-2022-44877 and received a critical severity score of 9.8 out of 10 as it allows an attacker to execute code remotely without authentication.

On January 3, researcher Numan Türle at Gais Cyber Security, who had reported the issue around October last year, published a proof-of-concept (PoC) exploit and a video showing how it works.

Read more…
Source: Bleeping Computer