Описание
Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files.
Ссылки
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:plesk:plesk:3.27.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00043
Низкий
6.3 Medium
CVSS3
7.8 High
CVSS3
Дефекты
CWE-427
Связанные уязвимости
CVSS3: 6.3
github
больше 1 года назад
Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files.
EPSS
Процентиль: 13%
0.00043
Низкий
6.3 Medium
CVSS3
7.8 High
CVSS3
Дефекты
CWE-427