CVE-2013-4878

EXPLOITED

Parallels Plesk Panel <9.0.x, 9.2.x - RCE


Exploitation Summary

CVE-2013-4878 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including kingcope.

AI-analyzed exploit summary: This exploit leverages a misconfiguration in Plesk's Apache `ScriptAlias` directive to directly execute PHP code via the `/phppath/php` endpoint, bypassing file-based execution. It uses URL-encoded PHP arguments to disable security features and execute arbitrary commands.

Description

The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823.

Exploits (1)

exploitdb WORKING POC VERIFIED
by kingcope · text · remote · php
https://www.exploit-db.com/exploits/25986


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Parallels Plesk Panel (9.0, 9.2, 9.3, 9.5.4, 8.6)
No auth needed
Prerequisites: Plesk with vulnerable Apache `ScriptAlias` misconfiguration · Network access to TCP/80 or TCP/443
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Jun/21
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/673343
Vendor Advisory x_refsource_confirm
http://kb.parallels.com/116241

Scores

EPSS 0.1394
EPSS Percentile 94.5%

Details

VulnCheck KEV 2013-06-06
CWE CWE-264
Status published
Products (3)
parallels/parallels_plesk_panel 9.0
parallels/parallels_plesk_panel 9.2
parallels/parallels_small_business_panel 10.0
Published Jul 18, 2013
Tracked Since Feb 18, 2026