Vulnerability CVE-2013-4878


Published: 2013-07-18

Description:
The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Parallels -> Parallels Plesk Panel
Parallels -> Parallels Small Business Panel

References:
http://www.kb.cert.org/vuls/id/673343
http://seclists.org/fulldisclosure/2013/Jun/21
http://kb.parallels.com/116241

Copyright 2024, cxsecurity.com

 
