VYPR
Unrated severityNVD Advisory· Published Jul 18, 2013· Updated Jun 16, 2026

CVE-2013-4878

CVE-2013-4878

Description

The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • cpe:2.3:a:parallels:parallels_plesk_panel:9.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:parallels:parallels_plesk_panel:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:parallels:parallels_plesk_panel:9.2:*:*:*:*:*:*:*
    • (no CPE)range: 9.0.x, 9.2.x
  • cpe:2.3:a:parallels:parallels_small_business_panel:10.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:parallels:parallels_small_business_panel:10.0:*:*:*:*:*:*:*
    • (no CPE)range: 10.x

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.