PT-2011-5096 · Parallels · Parallels Plesk Small Business Panel
Published
2011-12-16
·
Updated
2024-08-07
·
CVE-2011-4766
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Parallels Plesk Small Business Panel version 10.2.0
Description
The Site Editor feature in Parallels Plesk Small Business Panel allows remote attackers to obtain ASP source code via a direct request to "wysiwyg/fckconfig.js". Note that the issue is disputed because ASP is only used in a JavaScript comment.
Recommendations
For Parallels Plesk Small Business Panel version 10.2.0, consider restricting access to the "wysiwyg/fckconfig.js" file to prevent remote attackers from obtaining ASP source code.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Parallels Plesk Small Business Panel