ID

VAR-201112-0226


CVE

CVE-2011-4763


TITLE

SQL injection vulnerability in the Site Editor function of Parallels Plesk Small Business Panel

Trust: 0.8

sources: JVNDB: JVNDB-2011-003450

DESCRIPTION

Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by Wizard/Edit/Html and certain other files. Parallels Plesk Small Business Panel is prone to a SQL injection vulnerability.

Trust: 2.43

sources: NVD: CVE-2011-4763 // JVNDB: JVNDB-2011-003450 // CNVD: CNVD-2011-5623 // BID: 73675

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2011-5623

AFFECTED PRODUCTS

vendor: parallels, model: plesk small business panel, scope: eq, version: 10.2.0

Trust: 3.0

vendor: parallels, model: plesk small business panel, scope: eq, version: 10.2

Trust: 0.3

sources: CNVD: CNVD-2011-5623 // BID: 73675 // JVNDB: JVNDB-2011-003450 // CNNVD: CNNVD-201112-324 // NVD: CVE-2011-4763

CVSS

SEVERITY

nvd@nist.gov: CVE-2011-4763
value: HIGH

Trust: 1.0

NVD: CVE-2011-4763
value: HIGH

Trust: 0.8

CNVD: CNVD-2011-5623
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201112-324
value: HIGH

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2011-4763
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2011-5623
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2011-5623 // JVNDB: JVNDB-2011-003450 // CNNVD: CNNVD-201112-324 // NVD: CVE-2011-4763

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.8

sources: JVNDB: JVNDB-2011-003450 // NVD: CVE-2011-4763

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201112-324

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201112-324

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003450

PATCH

title: Parallels Small Business Panel, url: http://www.parallels.com/products/small-business-panel/documentation/

Trust: 0.8

sources: JVNDB: JVNDB-2011-003450

EXTERNAL IDS

db: NVD, id: CVE-2011-4763

Trust: 3.3

db: JVNDB, id: JVNDB-2011-003450

Trust: 0.8

db: CNVD, id: CNVD-2011-5623

Trust: 0.6

db: CNNVD, id: CNNVD-201112-324

Trust: 0.6

db: XF, id: 72215

Trust: 0.3

db: BID, id: 73675

Trust: 0.3

sources: CNVD: CNVD-2011-5623 // BID: 73675 // JVNDB: JVNDB-2011-003450 // CNNVD: CNNVD-201112-324 // NVD: CVE-2011-4763

REFERENCES

url: http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html

Trust: 1.9

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4763

Trust: 1.4

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/72215

Trust: 1.0

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4763

Trust: 0.8

url: http://xforce.iss.net/xforce/xfdb/72215

Trust: 0.3

sources: CNVD: CNVD-2011-5623 // BID: 73675 // JVNDB: JVNDB-2011-003450 // CNNVD: CNNVD-201112-324 // NVD: CVE-2011-4763

CREDITS

Unknown

Trust: 0.3

sources: BID: 73675

SOURCES

db: CNVD, id: CNVD-2011-5623
db: BID, id: 73675
db: JVNDB, id: JVNDB-2011-003450
db: CNNVD, id: CNNVD-201112-324
db: NVD, id: CVE-2011-4763

LAST UPDATE DATE

2025-04-11T23:20:42.760000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2011-5623, date: 2011-12-19T00:00:00
db: BID, id: 73675, date: 2011-12-16T00:00:00
db: JVNDB, id: JVNDB-2011-003450, date: 2011-12-20T00:00:00
db: CNNVD, id: CNNVD-201112-324, date: 2011-12-19T00:00:00
db: NVD, id: CVE-2011-4763, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2011-5623, date: 2011-12-19T00:00:00
db: BID, id: 73675, date: 2011-12-16T00:00:00
db: JVNDB, id: JVNDB-2011-003450, date: 2011-12-20T00:00:00
db: CNNVD, id: CNNVD-201112-324, date: 2011-12-19T00:00:00
db: NVD, id: CVE-2011-4763, date: 2011-12-16T11:55:11.890