Description

The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing crafted environment variables.

Remediation

References

CVE-2013-0132

Related Vulnerabilities

WordPress Plugin Simple Sitemap-Create a Responsive HTML Sitemap Security Bypass (3.5.4)

IBM RTC CVE-2020-4964 Vulnerability (CVE-2020-4964)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.24)

MySQL CVE-2021-2122 Vulnerability (CVE-2021-2122)

WordPress Plugin WP Online Store Local File Include and Multiple File Disclosure Vulnerabilities (1.3.1)

Severity

Medium

Classification

CVE-2013-0132 CWE-94

Tags

Missing Update Known Vulnerabilities