Remote Code Execution Vulnerability in Parallels Plesk Panel and Small Business Panel
CVE-2013-4878

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Plesk Panel; Parallels Small Business Panel
Vendor: CVE Published:; 18 July 2013

What is CVE-2013-4878?

The default configuration of Parallels Plesk Panel versions 9.0.x and 9.2.x, as well as Small Business Panel 10.x, on UNIX systems is susceptible to a remote code execution vulnerability. This issue arises from an improper ScriptAlias directive for phppath, allowing attackers to execute arbitrary code through specially crafted requests. This vulnerability poses significant risks to server integrity and user data security.

References

http://seclists.org/fulldisclosure/2013/Jun/21

mailing-listx_refsource_FULLDISC

http://www.kb.cert.org/vuls/id/673343

third-party-advisoryx_refsource_CERT-VN

http://kb.parallels.com/116241

x_refsource_CONFIRM

EPSS Score

36% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 18, 2013