Parallels Plesk SQL injection vulnerability

Description

Parallels Plesk Panel is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the Server Administration Panel using specially-crafted input to a PHP script, which could allow the attacker to view, add, modify or delete information in the back-end database.

Plesk versions that are affected by the vulnerability:

  • Plesk for Linux / Windows 7.x
  • Plesk for Linux / Windows 8.x
  • Plesk for Linux / Windows 9.x
  • Plesk for Linux / Windows 10.0 - 10.3.1

Remediation

Update to the latest version of Parallels Plesk or install the Micro-Updates provided by the vendor. Check Web references for more information.

References