https://arstechnica.com/information-technology/2023/01/vulnerability-with-9-8-severity-in-control-web-panel-is-under-active-exploit/

Malicious hackers have begun exploiting a critical vulnerability in unpatched versions of the Control Web Panel, a widely used interface for web hosting.

“This is an unauthenticated RCE,” members of the Shadowserver group wrote on Twitter, using the abbreviation for remote code exploit. “Exploitation is trivial and a PoC published.” PoC refers to a proof-of-concept code that exploits the vulnerability.