This is a summary of the AI-generated 10-question deep analysis.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: Unauthenticated Remote Code Execution (RCE) in CentOS Web Panel (CWP).…
**Root Cause**: OS Command Injection in `/login/index.php`. **Flaw**: The component fails to sanitize input, so shell metacharacters (such as `$()`) in a request are passed to the OS shell and executed as commands.
Q3. Who is affected? (Versions/Components)
**Affected**: CentOS Web Panel 7 (CWP7). **Versions**: All versions **prior to 0.9.8.1147**. **Component**: Specifically the login interface (`/login/index.php`).
Q4. What can hackers do? (Privileges/Data)
**Privileges**: Commands run with the privileges of the web server user (often root or another high-privilege context in CWP).…
**Threshold**: **Extremely Low**. **Auth**: **No authentication required**. **Access**: Any unauthenticated user can send a crafted HTTP request to trigger the exploit remotely.
Q6. Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp**: **Yes**. Multiple PoCs exist on GitHub (e.g., by numanturle, Chocapikk). **Wild Exploitation**: High risk; automated scanners and scripts are available to detect and exploit this flaw globally.
Q7. How to self-check? (Features/Scanning)
**Self-Check**: Send a request to `https://<target>/login/index.php?login=$(whoami)`.…
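As a log-review counterpart to the self-check, the following Python script (an added example, not part of the original analysis or of any vendor tooling) flags access-log requests to `/login/index.php` whose `login` parameter carries shell metacharacters such as `$()`, including percent-encoded forms. The Common/Combined Log Format, the sample lines and all function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote

# Assumption: Common/Combined Log Format:
#   ip - - [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')
# Shell metacharacters that have no place in a login name.
SHELL_META = re.compile(r"\$\(|\$\{|`|[;|&<>\n]")
LOGIN_PATH = "/login/index.php"

def fully_unquote(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is still inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_login_requests(lines):
    """Return (client_ip, status, decoded_login) for each flagged log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        ip, target, status = m.groups()
        path, _, query = target.partition("?")
        # Collapse repeated slashes and decode so path variants still match.
        if re.sub(r"/+", "/", fully_unquote(path)) != LOGIN_PATH:
            continue
        for key, value in parse_qsl(query, keep_blank_values=True):
            value = fully_unquote(value)
            if key == "login" and SHELL_META.search(value):
                hits.append((ip, int(status), value))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.10 - - [05/Jan/2023:09:12:01 +0000] "GET /login/index.php?login=alice HTTP/1.1" 200 4312',
    '203.0.113.7 - - [05/Jan/2023:09:13:44 +0000] "POST /login/index.php?login=$(whoami) HTTP/1.1" 302 0',
    '203.0.113.7 - - [05/Jan/2023:09:13:45 +0000] "POST /login/index.php?login=%24%28whoami%29 HTTP/1.1" 302 0',
    '192.0.2.55 - - [05/Jan/2023:09:20:00 +0000] "GET /login/index.php HTTP/1.1" 200 4312',
    "truncated or non-request line",
]

if __name__ == "__main__":
    for ip, status, value in suspicious_login_requests(SAMPLE_LOG):
        print(f"{ip} status={status} login={value!r}")
```

A hit means the request was attempted, not that it succeeded; on a version prior to 0.9.8.1147, treat any hit as grounds for the breach handling described under urgency.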
**Fix**: Upgrade CWP to version **0.9.8.1147** or later. **Note**: The vendor (Control Web Panel) released a changelog entry addressing this security issue.
Q9. What if no patch? (Workaround)
**Workaround**: If patching is impossible, **block external access** to port 2031 (CWP default) via firewall.…
**Urgency**: **CRITICAL (P0)**. **Action**: Patch immediately. Because the flaw is unauthenticated and public, active exploitation is highly likely. Treat it as a server breach until the host is verified patched.