CVE-2013-4878 – Plesk < 9.5.4 - Remote Command Execution

https://notcve.org/view.php?id=CVE-2013-4878

The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823. La configuración por defecto de Parallels Plesk Panel v9.0.x y v9.2.x en UNIX, y Small Business Panel v10.x en UNIX, tiene una directiva ScriptAlias incorrecta para phppath, lo que hace más facil para atacantes remotos ejecutar código arbitrario mediante una solicitud especialmente diseñada, una vulnerabilidad diferente a CVE-2012-1823. • https://www.exploit-db.com/exploits/25986 http://kb.parallels.com/116241 http://seclists.org/fulldisclosure/2013/Jun/21 http://www.kb.cert.org/vuls/id/673343 • CWE-264: Permissions, Privileges, and Access Controls •