The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote malicious users to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
parallels parallels_plesk_panel 9.2 |
||
parallels parallels_plesk_panel 9.0 |
||
parallels parallels_small_business_panel 10.0 |