Control-Webpanel: >> Webpanel >> 0.9.8.1127 Security Vulnerabilities
CVE-2025-48703
CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.
Known exploited
CVSS Score
9.0
EPSS Score
0.694
Published
2025-09-19
CVE-2022-44877
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2023-01-05