Description
The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing crafted environment variables.
Remediation
References
Related Vulnerabilities
WordPress Plugin MyBlogU Cross-Site Scripting (0.0.7)
WordPress Plugin Menu Creator 'updateSortOrder.php' SQL Injection (1.1.7)
MySQL CVE-2014-6491 Vulnerability (CVE-2014-6491)
Apache HTTP Server Configuration Vulnerability (CVE-2009-1195)
Jenkins Improper Input Validation Vulnerability (CVE-2012-6072)