Remote Code Execution in Parallels Plesk Panel Affected by Lack of HTTPOnly Flag
CVE-2011-4738
Currently unrated
What is CVE-2011-4738?
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 omits the HTTPOnly flag from the Set-Cookie header. This flaw allows remote attackers to potentially access sensitive information through script-based attacks on the cookie, particularly via files such as get_password.php. Without the HTTPOnly attribute, client-side script can read session and other critical cookie data, which can lead to unauthorized access to user accounts and system resources.