Parallels Plesk SQL injection vulnerability

Description
  • Parallels Plesk Panel is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the Server Administration Panel using specially-crafted input to a PHP script, which could allow the attacker to view, add, modify or delete information in the back-end database. <br/><br/> Plesk versions that are affected by the vulnerability: <ul> <li>Plesk for Linux / Windows 7.x</li> <li>Plesk for Linux / Windows 8.x</li> <li>Plesk for Linux / Windows 9.x</li> <li>Plesk for Linux / Windows 10.0 - 10.3.1</li> </ul>
Remediation
  • Update to the latest version of Parallels Plesk or install the Micro-Updates provided by the vendor. Check Web references for more information.
References