CVE-2023-4931
MEDIUM
Plesk Installer 3.27.0.0 - Uncontrolled Search Path Element via DLL Hijacking
Title source: llm
Description
Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files.
References (2)
Core References
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-search-path-element-vulnerability-plesk
Vendor Advisory
https://support.plesk.com/hc/en-us/articles/17426121182103
Scores
CVSS v3
6.3
EPSS
0.0025
EPSS Percentile
15.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L
Details
CWE
CWE-427
Status
published
Products (1)
plesk/plesk
3.27.0.0
Published
Nov 27, 2023
Tracked Since
Feb 18, 2026