CVE-2023-4931 MEDIUM

CVE-2023-4931: Uncontrolled search path element vulnerability in Plesk

Vendor: Plesk
Product: Plesk Installer
Weakness: CWE-427
Published: November 27, 2023
Last update: August 2, 2024

CVSS base score

6.3/10
Attack vector: Local
Attack complexity: High
Privileges required: Low
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

What the vulnerability does

01 Description

An uncontrolled search path element vulnerability affects Plesk Installer version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking of edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll.
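A defensive check for the condition described above, added here as an example and not taken from Plesk or from the CVE record: it reports any of the six listed DLL names sitting in an application folder and compares each with the same-named file in a reference system directory. The six names are Windows system libraries that normally load from the system directory; the function names, verdict strings and sample directories are assumptions, and the sample files are constructed placeholders.

```python
import hashlib
import tempfile
from pathlib import Path

# DLL names taken from the CVE-2023-4931 description.
LISTED_DLLS = {"edputil.dll", "samlib.dll", "urlmon.dll",
               "sspicli.dll", "propsys.dll", "profapi.dll"}

def sha256_of(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit_app_dir(app_dir, system_dir=None):
    """Report listed DLL names found next to the application.

    Returns {lowercased name: (sha256, verdict)}; verdict compares the copy
    with the same-named file in system_dir (e.g. System32), when given.
    """
    system = {}
    if system_dir is not None:
        system = {p.name.lower(): p for p in Path(system_dir).iterdir() if p.is_file()}
    findings = {}
    for entry in Path(app_dir).iterdir():
        name = entry.name.lower()  # Windows file names are case-insensitive
        if not entry.is_file() or name not in LISTED_DLLS:
            continue
        digest = sha256_of(entry)
        if name not in system:
            verdict = "no-system-copy"
        elif sha256_of(system[name]) == digest:
            verdict = "matches-system-copy"
        else:
            verdict = "differs-from-system-copy"
        findings[name] = (digest, verdict)
    return findings

def demo():
    """Run the audit over constructed directories (placeholder file contents)."""
    with tempfile.TemporaryDirectory() as tmp:
        app, sysdir = Path(tmp, "app"), Path(tmp, "system32")
        app.mkdir(); sysdir.mkdir()
        (sysdir / "urlmon.dll").write_bytes(b"constructed system urlmon")
        (sysdir / "propsys.dll").write_bytes(b"constructed system propsys")
        (app / "installer.exe").write_bytes(b"constructed installer")
        (app / "urlmon.dll").write_bytes(b"constructed system urlmon")
        (app / "PROPSYS.DLL").write_bytes(b"constructed foreign file")
        (app / "profapi.dll").write_bytes(b"constructed foreign file")
        return audit_app_dir(app, sysdir)

if __name__ == "__main__":
    for name, (digest, verdict) in sorted(demo().items()):
        print(f"{name}  {verdict}  sha256={digest}")
```

Any finding in the installer's folder deserves review, since a DLL with one of these names placed there can be loaded instead of the system copy; a copy that differs from the system file is the strongest signal.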

Key dates

02 Disclosure timeline

November 27, 2023: CVE published
August 2, 2024: Record updated