Skip to main content

Parallels Plesk Panel

5 CVEs product

Monthly

CVE-2019-18793 MEDIUM POC This Month

Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the "fileName" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Parallels Plesk Panel
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2013-4878 HIGH POC THREAT Act Now

The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.9%.

Privilege Escalation RCE Parallels Plesk Panel Parallels Small Business Panel
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
13.9%
CVE-2013-0133 HIGH This Week

Untrusted search path vulnerability in /usr/local/psa/admin/sbin/wrapper in Parallels Plesk Panel 11.0.9 allows local users to gain privileges via a crafted PATH environment variable. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Parallels Plesk Panel
NVD
CVSS 2.0
7.2
EPSS
0.2%
CVE-2013-0132 MEDIUM This Month

The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

PHP Code Injection RCE Parallels Plesk Panel
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2012-1557 HIGH POC This Week

SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Parallels Plesk Panel
NVD
CVSS 2.0
7.5
EPSS
0.9%
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the "fileName" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Parallels Plesk Panel
NVD
EPSS 14% CVSS 7.5
HIGH POC THREAT Act Now

The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.9%.

Privilege Escalation RCE Parallels Plesk Panel +1
NVD Exploit-DB
EPSS 0% CVSS 7.2
HIGH This Week

Untrusted search path vulnerability in /usr/local/psa/admin/sbin/wrapper in Parallels Plesk Panel 11.0.9 allows local users to gain privileges via a crafted PATH environment variable. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Parallels Plesk Panel
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

PHP Code Injection RCE +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Parallels Plesk Panel
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy