CVE-2023-4931

Name: CVE-2023-4931
Creator: NVD / NIST
Published: 2023-11-27T14:15:07.93+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 0.25%

Last modified Jun 17, 2026

CVE-2023-4931 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files.. EPSS estimates a 0.25% chance of exploitation in the next 30 days.

Description

Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability

0.25%

16.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-427

Affected Software

Vendor	Product	Versions
Plesk	Plesk	3.27.0.0

References

https://support.plesk.com/hc/en-us/articles/17426121182103Vendor Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-search-path-element-vulnerability-pleskThird Party Advisory
https://support.plesk.com/hc/en-us/articles/17426121182103Vendor Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-search-path-element-vulnerability-pleskThird Party Advisory

Timeline

Published: Nov 27, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-4931?

How severe is CVE-2023-4931?

CVE-2023-4931 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.25% probability of exploitation in the next 30 days.

How do I fix CVE-2023-4931?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-4931?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST