Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-xkcj-sz1d-z3ak
Summary
Aliases
0
alias CVE-2022-44877
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-44877
reference_id
reference_type
scores
0
value 0.94457
scoring_system epss
scoring_elements 0.99994
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-44877
1
reference_url http://seclists.org/fulldisclosure/2023/Jan/1
reference_id 1
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T15:24:25Z/
url http://seclists.org/fulldisclosure/2023/Jan/1
2
reference_url https://gist.github.com/numanturle/c1e82c47f4cba24cff214e904c227386
reference_id c1e82c47f4cba24cff214e904c227386
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T15:24:25Z/
url https://gist.github.com/numanturle/c1e82c47f4cba24cff214e904c227386
3
reference_url http://packetstormsecurity.com/files/171725/Control-Web-Panel-7-CWP7-0.9.8.1147-Remote-Code-Execution.html
reference_id Control-Web-Panel-7-CWP7-0.9.8.1147-Remote-Code-Execution.html
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T15:24:25Z/
url http://packetstormsecurity.com/files/171725/Control-Web-Panel-7-CWP7-0.9.8.1147-Remote-Code-Execution.html
4
reference_url http://packetstormsecurity.com/files/170388/Control-Web-Panel-7-Remote-Code-Execution.html
reference_id Control-Web-Panel-7-Remote-Code-Execution.html
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T15:24:25Z/
url http://packetstormsecurity.com/files/170388/Control-Web-Panel-7-Remote-Code-Execution.html
5
reference_url http://packetstormsecurity.com/files/170820/Control-Web-Panel-Unauthenticated-Remote-Command-Execution.html
reference_id Control-Web-Panel-Unauthenticated-Remote-Command-Execution.html
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T15:24:25Z/
url http://packetstormsecurity.com/files/170820/Control-Web-Panel-Unauthenticated-Remote-Command-Execution.html
6
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/51194.txt
reference_id CVE-2022-44877
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/51194.txt
7
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51250.go
reference_id CVE-2022-44877
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51250.go
8
reference_url https://www.youtube.com/watch?v=kiLfSvc1SYY
reference_id watch?v=kiLfSvc1SYY
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T15:24:25Z/
url https://www.youtube.com/watch?v=kiLfSvc1SYY
Weaknesses
Exploits
0
date_added 2023-01-17
description CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter.
required_action Apply updates per vendor instructions.
due_date 2023-02-07
notes https://control-webpanel.com/changelog#1669855527714-450fb335-6194; https://nvd.nist.gov/vuln/detail/CVE-2022-44877
known_ransomware_campaign_use false
source_date_published null
exploit_type null
platform null
source_date_updated null
data_source KEV
source_url null
1
date_added null
description 
Control Web Panel versions < 0.9.8.1147 are vulnerable to
          unauthenticated OS command injection. Successful exploitation results
          in code execution as the root user. The results of the command are not
          contained within the HTTP response and the request will block while
          the command is running.
required_action null
due_date null
notes 
Stability:
  - crash-safe
Reliability:
  - repeatable-session
SideEffects:
  - ioc-in-logs
  - artifacts-on-disk
known_ransomware_campaign_use false
source_date_published 2023-01-05
exploit_type null
platform Linux,Unix
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/http/control_web_panel_login_cmd_exec.rb
2
date_added 2023-04-05
description Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)
required_action null
due_date null
notes null
known_ransomware_campaign_use false
source_date_published 2023-04-05
exploit_type webapps
platform php
source_date_updated 2023-04-05
data_source Exploit-DB
source_url
Severity_range_score9.8 - 9.8
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-xkcj-sz1d-z3ak