Parallels Plesk Panel Arbitrary PHP Code Execution Vulnerability

Last Update Date: 10 Jun 2013 Release Date: 7 Jun 2013 3593 Views

RISK: High Risk

High Risk

TYPE: Servers - Network Management

TYPE: Network Management

A vulnerability has been identified in Parallels Plesk Panel, which can be exploited by malicious people to compromise a vulnerable system.  The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary PHP code.

 

Successful exploitation requires a ScriptAlias for the php path using Apache's mod_alias.

Impact

  • Remote Code Execution

System / Technologies affected

  • Parallels Plesk Panel 9.x
  • Plesk 8.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Upgrade to the latest version of Plesk (version 11.5)
  • Update PHP to protect against CVE-2012-1823 vulnerability
    http://kb.parallels.com/116241
  • Do not allow untrusted networks to connect to the Plesk Panel.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Symantec Web Gateway `l´ Cross-Site Scripting Vulnerability

8 May 2012 4614 Views

Next

PHP php_quot_print_encode() Buffer Overflow Vulnerability

10 Jun 2013 3507 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY