Parallels Plesk SQL injection vulnerability

  • Parallels Plesk Panel is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the Server Administration Panel using specially-crafted input to a PHP script, which could allow the attacker to view, add, modify or delete information in the back-end database.

    Plesk versions that are affected by the vulnerability:
    • Plesk for Linux / Windows 7.x
    • Plesk for Linux / Windows 8.x
    • Plesk for Linux / Windows 9.x
    • Plesk for Linux / Windows 10.0 - 10.3.1
  • Update to the latest version of Parallels Plesk or install the Micro-Updates provided by the vendor. Check Web references for more information.