Summary
This host is running Parallels Plesk and is prone to PHP code execution and command execution vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute PHP code or OS commands.
Impact Level: System/Application
Solution
Upgrade to Plesk 11.0.9 or later:
http://www.parallels.com/download/plesk
Insight
The flaws are due to improper validation of HTTP POST requests. By sending a specially crafted direct request, an attacker can execute PHP code or OS commands.
Affected
Parallels Plesk versions 9.5.4, 9.3, 9.2, 9.0 and 8.6
Severity
Classification
CVE: CVE-2013-3843, CVE-2013-4878
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AjaXplorer zoho plugin Directory Traversal Vulnerability
- Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
- ApPHP MicroBlog Remote Code Execution Vulnerability
- AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
- Advanced Guestbook Index.PHP SQL Injection Vulnerability