Unrated severityNVD Advisory· Published Jul 18, 2013· Updated Jun 16, 2026
CVE-2013-4878
CVE-2013-4878
Description
The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5cpe:2.3:a:parallels:parallels_plesk_panel:9.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:parallels:parallels_plesk_panel:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:parallels:parallels_plesk_panel:9.2:*:*:*:*:*:*:*
- (no CPE)range: 9.0.x, 9.2.x
cpe:2.3:a:parallels:parallels_small_business_panel:10.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:parallels:parallels_small_business_panel:10.0:*:*:*:*:*:*:*
- (no CPE)range: 10.x
Patches
Vulnerability mechanics
References
3- kb.parallels.com/116241nvdVendor Advisory
- www.kb.cert.org/vuls/id/673343nvdUS Government Resource
- seclists.org/fulldisclosure/2013/Jun/21nvd
News mentions
0No linked articles in our index yet.