GHSA-2785-qq7p-x3cjCriticalCVSS 9.9
Plesk contains an XPath injection vulnerability in the APS Application Catalog search...
🔗 CVE IDs covered (1)
📋 Description
Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the server, resulting in local privilege escalation.