PT-2011-5071 · Parallels · Parallels Plesk Panel

Published: 2011-12-16 · Updated: 2019-04-22 · CVE-2011-4741

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Parallels Plesk Panel version 10.2.0 build 20110407.20

Description: The issue allows remote attackers to obtain potentially sensitive information by reading a web page within the Control Panel that includes a database connection string. This is demonstrated by accessing the /client@2/domain@1/hosting/aspdotnet/ endpoint.

Recommendations: For Parallels Plesk Panel version 10.2.0 build 20110407.20, consider restricting access to the /client@2/domain@1/hosting/aspdotnet/ endpoint to minimize the risk of exploitation. Additionally, remove the database connection string from the web page, or secure it, to prevent unauthorized access to sensitive information.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2011-4741

Affected Products

Parallels Plesk Panel