2 matches found
CVE-2013-0132
The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing crafted environment variables...
CVE-2013-0132
The CVE-2013-0132 entry documents a vulnerability in Parallels Plesk Panel 11.0.9 where the suexec implementation uses a cgi-wrapper whitelist entry that, because suexec does not sanitize environment variables, allows a user-assisted remote attacker to execute arbitrary PHP code via a crafted req...