01642 06 11 11 Arrange Call

Arbitrary PHP Code Execution Vulnerability in Parallels Plesk Panel 11.0.9

CVE-2013-0132 · MEDIUM

CVE-2013-0132

The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing crafted environment variables.

Learn more about our User Device Pen Test.