Description

The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing crafted environment variables.

Remediation

References

CVE-2013-0132

Related Vulnerabilities

Moodle Improper Privilege Management Vulnerability (CVE-2019-3849)

Atlassian Confluence CVE-2024-21683 Vulnerability (CVE-2024-21683)

WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Request Forgery (1.23.3)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Request Forgery (4.4.3)

WordPress Plugin Social Media Flying Icons-Floating Social Media Icon Multiple Unspecified Vulnerabilities (4.2.3)

Severity

Medium

Classification

CVE-2013-0132 CWE-94

Tags

Missing Update Known Vulnerabilities