Multiple vulnerabilities reported in Parallels Plesk Sitebuilder

Description
  • Multiple vulnerabilities were reported in Parallels Plesk Sitebuilder. Parallels Plesk comes with an ISAPI filter named sitepreview.dll. This filter can be abused to bypass the firewall restrictions and access the Sitebuilder interface on port 2006. Using this interface an attacker can upload and execute arbitrary code.
Remediation
  • Upgrade to the latest version of Parallels Plesk.
References