Remote Code Disclosure in Parallels Plesk Small Business Panel 10.2.0

Remote Code Disclosure in Parallels Plesk Small Business Panel 10.2.0

CVE-2011-4766 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allows remote attackers to obtain ASP source code via a direct request to wysiwyg/fckconfig.js. NOTE: CVE disputes this issue because ASP is only used in a JavaScript comment

Learn more about our Web Application Penetration Testing UK.