CVE-2022-44877

CRITICALNVD 9.89.8—Trending — 3 sources updated this weekExploited in the wild

9.8

login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.

CVSS v3: 9.8
EG Score: 9.8(medium)
EPSS: 100.0%
KEV: ⚠ Exploited

Published

January 5, 2023

Last Modified

November 3, 2025

Advisory Details (5)

Auto-updated Jun 1, 2026

🔬 Proof of concept available. No patch confirmed yet.

generic🟡 PoC Available

Full Disclosure: Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877

http://seclists.org/fulldisclosure/2023/Jan/1

generic

Packet Storm

http://packetstormsecurity.com/files/170820/Control-Web-Panel-Unauthenticated-Remote-Command-Execution.html

generic

Packet Storm

http://packetstormsecurity.com/files/170388/Control-Web-Panel-7-Remote-Code-Execution.html

generic

https://www.youtube.com/watch?v=kiLfSvc1SYY

generic🟡 PoC Available

# Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877 · GitHub

https://gist.github.com/numanturle/c1e82c47f4cba24cff214e904c227386

Weakness Classification(1)

MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.

CWE-78OS Command Injection

Data Freshness Timeline

(refreshed 20× in last 7d / 20× in last 30d)

Every time one of our enrichment pipelines (NVD, MITRE cvelistV5, EPSS, CISA KEV, GHSA, OSV, vendor advisories) ran against this CVE. Most recent first.

2026-06-07 02:41 UTCEG score recompute
2026-06-07 02:41 UTCGHSA enrichment
2026-06-06 22:43 UTCEG score recompute
2026-06-06 22:43 UTCGHSA enrichment
2026-06-06 18:45 UTCEG score recompute
2026-06-06 18:45 UTCGHSA enrichment
2026-06-06 14:47 UTCEG score recompute
2026-06-06 14:47 UTCGHSA enrichment
2026-06-06 10:48 UTCEG score recompute
2026-06-06 10:48 UTCGHSA enrichment
2026-06-06 06:50 UTCEG score recompute
2026-06-06 06:50 UTCGHSA enrichment
2026-06-06 02:52 UTCEG score recompute
2026-06-06 02:52 UTCGHSA enrichment
2026-06-05 22:53 UTCEG score recompute
2026-06-05 22:53 UTCGHSA enrichment
2026-06-05 22:43 UTCkev_newly_listed
2026-06-05 18:55 UTCEG score recompute
2026-06-05 18:55 UTCGHSA enrichment
2026-06-05 14:57 UTCEG score recompute

Publicly available exploits

(8 references)

Working exploit code is in the public domain (1 Metasploit module) (4 GitHub PoCs) (2 Exploit-DB entries). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.

Exploit-DBEDB-51250
First seen Apr 5, 2023
Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)
Open source ↗
Exploit-DBEDB-51194
First seen Apr 1, 2023
Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE)
Open source ↗
GitHub PoChotpotcookie/CVE-2022-44877-white-box
First seen Feb 15, 2023
Red Team utilities for setting up CWP CentOS 7 payload & reverse shell (Red Team 9 - CW2023)
Open source ↗
GitHub PoCChocapikk/CVE-2022-44877
First seen Feb 11, 2023
Bash Script for Checking Command Injection Vulnerability on CentOS Web Panel [CWP] (CVE-2022-44877)
Open source ↗
GitHub PoCkomomon/CVE-2022-44877-RCE
First seen Jan 6, 2023
CVE-2022-44877 Centos Web Panel 7 Unauthenticated Remote Code Execution
Open source ↗
GitHub PoCnumanturle/CVE-2022-44877
First seen Jan 5, 2023
Open source ↗
Metasploitexploit/linux/http/control_web_panel_login_cmd_exec✓ verified
First seen Jan 5, 2023
CWP login.php Unauthenticated RCE
Open source ↗
Nucleihttp/cves/2022/CVE-2022-44877.yaml
First seen Jan 1, 2022
CentOS Web Panel 7 <0.9.8.1147 - Remote Code Execution
Open source ↗

Frequently asked(6)

What is CVE-2022-44877?

CVE-2022-44877 is a critical vulnerability published on January 5, 2023. login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.

When was CVE-2022-44877 disclosed?

CVE-2022-44877 was first published in the National Vulnerability Database on January 5, 2023, with the most recent update on November 3, 2025. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2022-44877 actively exploited?

Yes. CISA added CVE-2022-44877 to the Known Exploited Vulnerabilities catalog on January 17, 2023, affecting CWP Control Web Panel. KEV listing indicates confirmed exploitation in the wild; this CVE warrants immediate patching attention.

What is the CVSS score of CVE-2022-44877?

CVE-2022-44877 has a CVSS v3 base score of 9.8 (NVD).

Which products are affected by CVE-2022-44877?

CVE-2022-44877 affects CWP Control Web Panel. The full affected-products list, including version ranges and fixed versions, is shown in the Affected Packages section of this page.

How do I remediate CVE-2022-44877?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2022-44877, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2022-44877

Explore →

Is Your Infrastructure Affected by CVE-2022-44877?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2022-44877

📅 Published

🔄 Last Modified

📋 Advisory Details (5)

Full Disclosure: Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877

Packet Storm

Packet Storm

# Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877 · GitHub

Weakness Classification(1)

Data Freshness Timeline

Publicly available exploits

❓ Frequently asked(6)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2022-44877?

🔗 Related CVEs(same CWE)

Same CWE

Published

Last Modified

Advisory Details (5)

Frequently asked(6)

Related CVEs(same CWE)