CVE Vulnerabilities

CVE-2013-4878

Published: Jul 18, 2013 | Modified: Apr 11, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823.

Affected Software

Name Vendor Start Version End Version
Parallels_plesk_panel Parallels 9.0 (including) 9.0 (including)
Parallels_plesk_panel Parallels 9.2 (including) 9.2 (including)
Parallels_small_business_panel Parallels 10.0 (including) 10.0 (including)

References