CVE-2025-48703 — CWP Control Web Panel — CWP Control Web Panel OS Command Injection Vulnerability

CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command Injection vulnerability that allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username…