Remote Code Execution Vulnerability in Parallels Plesk Panel by Parallels
CVE-2013-0132

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Plesk Panel
Vendor: CVE Published:; 18 April 2013

What is CVE-2013-0132?

The suexec implementation in Parallels Plesk Panel 11.0.9 contains a vulnerability due to an insecure cgi-wrapper whitelist entry. This weakness allows user-assisted remote attackers to execute arbitrary PHP code by manipulating environment variables in crafted requests. Users of Plesk Panel should be aware of this vulnerability and ensure proper security measures are in place to mitigate potential exploitation.

References

http://www.kb.cert.org/vuls/id/310500

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Apr 18, 2013