PleskWin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-0132)

Description

The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing crafted environment variables.

Remediation

References

CVE-2013-0132

Related Vulnerabilities

WordPress Plugin Import XML and RSS Feeds Arbitrary File Upload (2.1.5)

Apache Tomcat Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2021-24122)

WordPress Plugin teachPress Unspecified Vulnerability (5.0.17)

MediaWiki Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2014-9277)

WordPress Plugin WP Floating Menu-One page navigator, sticky menu for WordPress includes Backdoor [Only if downloaded via the vendor website] (1.4.4)

Severity

Medium

Classification

CVE-2013-0132 CWE-94