Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
WebPros Plesk 代码注入漏洞
Vulnerability Description
WebPros Plesk是WebPros公司的网站服务器管理平台。 Plesk 存在代码注入漏洞,该漏洞源于Plesk XML API中的授权漏洞,可能导致认证用户注入任意配置指令,从而实现以root权限写入任意文件并完全提升权限。以下版本受到影响:18.0.78之前版本。
CVSS Information
N/A
Vulnerability Type
N/A