The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

References

kb.parallels.com/116241

seclists.org/fulldisclosure/2013/Jun/21

www.kb.cert.org/vuls/id/673343

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4878

nvd 4

cvelist 4

nessus 40

prion 4

cve 4

checkpoint_advisories 1

thn 5

amazon 1

cert 2

symantec 1

saint 4

openvas 54

centos 2

freebsd 2

packetstorm 6

seebug 7

exploitpack 3

threatpost 11

metasploit 1

redhat 5

securityvulns 1

oraclelinux 2

attackerkb 1

cisa_kev 2

zdt 1

canvas 1

veracode 1

nuclei 1

exploitdb 5

fedora 10

ubuntucve 3

suse 4

ubuntu 1

hackerone 1

nmap 1

osv 1

debian 1

slackware 1

nvd

CVE-2013-4878

2013-07-18 16:51:56

CVE-2012-1823

2012-05-11 10:15:48

CVE-2012-2336

2012-05-11 10:15:48

cvelist

CVE-2013-4878

2022-10-03 16:14:57

CVE-2012-1823

2012-05-11 10:00:00

CVE-2012-2311

2012-05-11 10:00:00

nessus

Plesk Panel Apache Arbitrary PHP Code Injection

2013-06-07 00:00:00

Oracle Linux 5 / 6 : php (ELSA-2012-0546)

2013-07-12 00:00:00

Oracle Linux 5 : php53 (ELSA-2012-0547)

2013-07-12 00:00:00

prion

Default configuration

2013-07-18 16:51:00

Design/Logic Flaw

2012-05-11 10:15:00

Design/Logic Flaw

2012-05-11 10:15:00

cve

CVE-2013-4878

2022-10-03 16:14:57

CVE-2012-1823

2012-05-11 10:15:48

CVE-2012-2311

2012-05-11 10:15:48

checkpoint_advisories

PHP php-cgi Query String Parameter Code Execution (CVE-2012-1823; CVE-2012-2311; CVE-2012-2335; CVE-2012-2336; CVE-2013-4878)

2012-05-14 00:00:00

thn

Linux worm targeting Routers, Set-top boxes and Security Cameras with PHP-CGI Vulnerability

2013-11-30 09:08:00

Linux Worm targets Internet-enabled Home appliances to Mine Cryptocurrencies

2014-03-19 22:26:00

Linux worm targeting Routers, Set-top boxes and Security Cameras with PHP-CGI Vulnerability

2013-11-30 20:08:00

amazon

Critical: php

2012-05-09 14:54:00

cert

Parallels Plesk Panel phppath/php vulnerability

2013-06-07 00:00:00

PHP-CGI query string parameter vulnerability

2012-05-03 00:00:00

symantec

PHP 'php-cgi' Information Disclosure Vulnerability

2012-05-04 00:00:00

saint

PHP CGI Query String Parameters Command Execution

2012-05-15 00:00:00

PHP CGI Query String Parameters Command Execution

2012-05-15 00:00:00

PHP CGI Query String Parameters Command Execution

2012-05-15 00:00:00

openvas

RedHat Update for php53 RHSA-2012:0547-01

2012-05-08 00:00:00

RedHat Update for php53 RHSA-2012:0547-01

2012-05-08 00:00:00

CentOS Update for php CESA-2012:0546 centos6

2012-07-30 00:00:00

centos

php security update

2012-05-07 21:09:19

php53 security update

2012-05-07 23:01:16

freebsd

php -- vulnerability in certain CGI-based setups

2012-05-03 00:00:00

php -- multiple vulnerabilities

2012-05-08 00:00:00

packetstorm

PHP-CGI Argument Injection Remote Code Execution

2012-12-24 00:00:00

PHP CGI Argument Injection

2012-05-22 00:00:00

PHP CGI Argument Injection

2012-05-06 00:00:00

seebug

Apache / PHP 5.x Remote Code Execution Exploit

2013-10-31 00:00:00

PHP CGI Argument Injection

2014-07-01 00:00:00

Apache / PHP 5.x - cgi-bin Remote Code Execution Exploit

2014-07-01 00:00:00

exploitpack

PHP 5.3.12 5.4.2 - CGI Argument Injection

2012-05-05 00:00:00

Apache + PHP 5.3.12 5.4.2 - cgi-bin Remote Code Execution

2013-10-29 00:00:00

Plesk 9.5.4 - Remote Command Execution

2013-06-05 00:00:00

threatpost

U.S. Cyber Command Using Classified Intel To Scare CEOs To Action

2012-05-09 18:39:14

Exploits for Two-Year-Old PHP Security Vulnerability Found

2014-03-19 12:12:20

FEMA: State, Local Officials Not Prepared to Respond to Cyberattack

2012-05-04 15:25:34

metasploit

PHP CGI Argument Injection

2012-05-09 16:01:15

redhat

(RHSA-2012:0568) Critical: php security update

2012-05-10 00:00:00

(RHSA-2012:0569) Critical: php53 security update

2012-05-10 00:00:00

(RHSA-2012:0546) Critical: php security update

2012-05-07 00:00:00

securityvulns

PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version

2012-05-24 00:00:00

oraclelinux

php security update

2012-05-07 00:00:00

php53 security update

2012-05-07 00:00:00

attackerkb

CVE-2012-1823

2012-05-11 00:00:00

cisa_kev

PHP-CGI Query String Parameter Vulnerability

2022-03-25 00:00:00

PHP-CGI OS Command Injection Vulnerability

2024-06-12 00:00:00

zdt

Apache Magicka Remote Code Execution Vulnerability

2013-10-31 00:00:00

canvas

Immunity Canvas: PHP_CGI_REMOTE

2012-05-11 10:15:00

veracode

Arbitrary Code Execution

2019-01-15 08:51:10

nuclei

PHP CGI v5.3.12/5.4.2 Remote Code Execution

2021-07-20 09:32:27

exploitdb

Plesk < 9.5.4 - Remote Command Execution

2013-06-05 00:00:00

PHP < 5.3.12 / < 5.4.2 - CGI Argument Injection

2012-05-05 00:00:00

Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution

2013-10-29 00:00:00

fedora

[SECURITY] Fedora 16 Update: maniadrive-1.2-32.fc16.5

2012-05-27 01:52:21

[SECURITY] Fedora 15 Update: php-eaccelerator-0.9.6.1-9.fc15.5

2012-05-27 07:21:55

[SECURITY] Fedora 15 Update: maniadrive-1.2-32.fc15.5

2012-05-27 07:21:55

ubuntucve

CVE-2012-2311

2012-05-04 00:00:00

CVE-2012-1823

2012-05-03 00:00:00

CVE-2012-2336

2012-05-11 00:00:00

suse

update for php5 (critical)

2012-05-07 16:08:55

Security update for PHP5 (critical)

2012-05-09 06:08:17

Security update for PHP5 (critical)

2012-05-09 22:08:16

ubuntu

PHP vulnerability

2012-05-04 00:00:00

hackerone

curl: Incorrect Encoding Conversion in hostname results in indeterminate SSRF vulnerabilities

2024-06-14 08:39:46

nmap

http-vuln-cve2012-1823 NSE Script

2012-05-08 05:56:04

osv

php5 - several

2012-05-09 00:00:00

debian

[SECURITY] [DSA 2465-1] php5 security update

2012-05-09 17:23:53

slackware

[slackware-security] php

2024-06-06 19:53:01

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.915

Percentile

98.9%

JSON

Related for AKB:ABC58E28-19A4-4DC5-A6F9-1CB801B0C53F