Vulnerability Note VU#673343
Parallels Plesk Panel phppath/php vulnerability
Parallels Plesk Panel versions 9.0 - 9.2.3 on Linux platforms are vulnerable to remote code execution.
Parallels Plesk Panel versions 9.0 - 9.2.3 on Linux platforms may be exploited by a combination of CVE-2012-1823 and the Plesk phppath script alias usage. There have been reports that this vulnerability is being exploited in the wild.
A remote unauthenticated attacker may be able to run arbitrary code under the context of the web server user.
Apply an Update
Parallels Plesk Panel 9.0 - 9.2.3 have been considered end-of-life software for over 3 years. Users should upgrade to 9.5.4 or later. Parallels will provide additional workaround mitigations in Knowledge Base article 116241 soon.
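Because exploitation has been reported in the wild, administrators of affected versions may want to review web server access logs for requests that resolve to the phppath script alias. The following Python script is an added example, not part of the original note or of Parallels guidance; it assumes Apache common/combined log format and that the alias is served under the URL prefix /phppath, and its sample log lines are constructed.

```python
import re
from collections import defaultdict
from posixpath import normpath
from urllib.parse import unquote

# Assumption: the script alias is served under the URL prefix /phppath (name taken from this note).
ALIAS = "/phppath"

# Apache common/combined log format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def alias_path(target):
    """Reduce a request target to the canonical path the server would map."""
    path = re.sub(r"^[A-Za-z][A-Za-z0-9+.-]*://[^/]*", "", target)  # absolute-URI form
    path = unquote(path.split("?", 1)[0])            # drop query, decode %xx once
    return normpath(re.sub(r"/+", "/", "/" + path))  # collapse //, resolve ./ and ../

def find_alias_hits(lines):
    """Return one record per log line whose request resolves under the alias."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        path = alias_path(m["target"])
        if path == ALIAS or path.startswith(ALIAS + "/"):
            hits.append({"line": number, "client": m["host"], "method": m["method"],
                         "path": path, "status": int(m["status"])})
    return hits

def summarize(hits):
    """Per client: number of alias requests, and how many were answered with 2xx."""
    clients = defaultdict(lambda: {"requests": 0, "served": 0})
    for h in hits:
        clients[h["client"]]["requests"] += 1
        clients[h["client"]]["served"] += 200 <= h["status"] < 300
    return dict(clients)

# Constructed sample lines (documentation address ranges), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jun/2013:10:01:02 +0000] "GET /index.php?id=4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [06/Jun/2013:10:02:11 +0000] "POST /phppath/php HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.7 - - [06/Jun/2013:10:02:15 +0000] "POST /%70hppath/php HTTP/1.1" 200 298 "-" "-"',
    '203.0.113.5 - - [06/Jun/2013:10:03:40 +0000] "GET //images/../phppath/php HTTP/1.1" 404 210 "-" "-"',
    '192.0.2.10 - - [06/Jun/2013:10:04:00 +0000] "GET /docs/phppath/notes.html HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for client, counts in summarize(find_alias_hits(SAMPLE_LOG)).items():
        print(client, counts)
```

Clients whose alias requests were answered with a 2xx status are the ones to prioritize for follow-up on a host running an affected version.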
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Parallels Holdings Ltd | Affected | 06 Jun 2013 | 07 Jun 2013 |
Kingcope published an exploit for this vulnerability to the Full Disclosure mailing list.
This document was written by Jared Allar.
- CVE IDs: CVE-2012-1823
- Date Public: 05 Jun 2013
- Date First Published: 07 Jun 2013
- Date Last Updated: 07 Jun 2013
- Document Revision: 15