The US CISA added the Centos Web Panel 7 unauthenticated remote code execution flaw (CVE-2022-44877) to its Known Exploited Vulnerabilities Catalog.
The flaw impacts the software before 0.9.8.1147, it was addressed with the release of 0.9.8.1147 version on October 25, 2022. The vulnerability was discovered by Numan Türle from Gais Security.
Researchers warn that threat actors are actively exploiting the vulnerability in Control Web Panel (CWP).