Description
The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823.
Remediation
References
Related Vulnerabilities
WordPress Plugin GPT AI Power Security Bypass (1.4.37)
Oracle Database Server CVE-2019-2799 Vulnerability (CVE-2019-2799)
MySQL CVE-2021-2298 Vulnerability (CVE-2021-2298)
WordPress Plugin Protected Posts Logout Button Cross-Site Request Forgery (1.4.4)
WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Cross-Site Request Forgery (1.18.0)