
Centos Web Panel 7 Unauthenticated Remote Code Execution (RCE) - 20230109003

Overview

A vulnerability classified as critical was found in Centos Web Panel 7. It affects an unknown function of the file /login/index.php in the HTTP Request Handler component. Its impact is on confidentiality, integrity, and availability (CIA).

What is the vulnerability?

Bash commands can be run because incorrect login entries are logged to the system through a shell command that wraps them in double quotes, and double quotes do not stop the shell from interpreting the logged value.

CVE-2022-44877 - An issue in the /login/index.php component of Centos Web Panel 7 before v0.9.8.1147 allows unauthenticated attackers to execute arbitrary system commands via crafted HTTP requests.
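As an added example that is not CWP's own code, the logging pattern the advisory describes in generic Python form: the unsafe version hands the untrusted value to a shell inside double quotes, the two hardened versions either avoid the shell entirely or quote the value so the shell treats it as data. The function names, the `echo`-based log line and the probe string are assumptions, not taken from CWP.

```python
import shlex
import subprocess
import tempfile
from pathlib import Path


def log_failed_login_unsafe(log_path: Path, username: str) -> None:
    """Vulnerable pattern (hypothetical, modelled on the advisory): the untrusted
    value is interpolated inside double quotes in a shell command. Double quotes
    stop word splitting but NOT $(...) or `...` substitution, so the shell still
    expands whatever the remote user placed in the value."""
    subprocess.run(f'echo "Failed login for user: {username}" >> {log_path}',
                   shell=True, check=True)


def log_failed_login_safe(log_path: Path, username: str) -> None:
    """Hardened pattern: no shell at all; the value is written as plain data."""
    with log_path.open("a", encoding="utf-8") as fh:
        fh.write(f"Failed login for user: {username}\n")


def log_failed_login_quoted(log_path: Path, username: str) -> None:
    """If a shell really is unavoidable, single-quote the value with shlex.quote;
    the shell performs no expansion inside single quotes."""
    line = shlex.quote("Failed login for user: " + username)
    subprocess.run(f"echo {line} >> {shlex.quote(str(log_path))}",
                   shell=True, check=True)


def demo(username: str) -> dict:
    """Run all three loggers on one input and return what each wrote to its log."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, fn in (("unsafe", log_failed_login_unsafe),
                         ("safe", log_failed_login_safe),
                         ("quoted", log_failed_login_quoted)):
            p = Path(d) / f"{name}.log"
            fn(p, username)
            results[name] = p.read_text(encoding="utf-8").rstrip("\n")
    return results


# Constructed probe: a harmless command substitution stands in for untrusted input.
PROBE = "bob$(echo SUBSTITUTED)"

if __name__ == "__main__":
    for name, written in demo(PROBE).items():
        print(f"{name:>7}: {written}")
```

Only the unsafe variant lets the substitution run; both hardened variants record the probe text literally, which is the behaviour a patched logger should show.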

What is vulnerable?

  • Centos Web Panel 7 Unauthenticated Remote Code Execution
  • Centos Web Panel 7 - before Version 0.9.8.1147

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

Upgrade CWP7 to the current version (0.9.8.1147 or later).

Reference