Parallels Plesk Panel is vulnerable to SQL injection. A remote attacker could send specially crafted input to a PHP script in the Server Administration Panel, injecting SQL statements that could allow the attacker to view, add, modify or delete information in the back-end database.
Plesk versions that are affected by the vulnerability:
- Plesk for Linux / Windows 7.x
- Plesk for Linux / Windows 8.x
- Plesk for Linux / Windows 9.x
- Plesk for Linux / Windows 10.0 - 10.3.1
Update to the latest version of Parallels Plesk or install the Micro-Updates provided by the vendor. Check Web references for more information.
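To find which hosts need the update, the affected-version list above can be applied to an inventory of Plesk version strings. The following is an added example, not vendor or scanner code; the function names, hostnames and version strings are constructed for illustration, and the version is assumed to appear as `major.minor[.patch]` somewhere in each string.

```python
import re

# Affected ranges exactly as listed in the advisory above:
# all of 7.x, 8.x and 9.x, plus 10.0 through 10.3.1 inclusive.
AFFECTED_MAJORS = {7, 8, 9}
AFFECTED_10_MIN = (10, 0, 0)
AFFECTED_10_MAX = (10, 3, 1)

# First "major.minor[.patch]" token in the string (assumed format).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) or None if no version token is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    # A missing patch component is treated as 0, so "10.3" -> (10, 3, 0).
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def in_affected_range(version_text):
    """True/False for listed/unlisted versions, None if unparseable."""
    v = parse_version(version_text)
    if v is None:
        return None
    if v[0] in AFFECTED_MAJORS:
        return True
    return AFFECTED_10_MIN <= v <= AFFECTED_10_MAX


def triage(inventory):
    """Map each host to a status based on its reported version string.

    A version inside the range may already carry the vendor's
    Micro-Updates, which the version number alone does not show, so
    such hosts are marked for review rather than declared vulnerable.
    """
    labels = {True: "review: version in affected range",
              False: "version outside affected range",
              None: "unknown: version not parseable"}
    return {host: labels[in_affected_range(ver)]
            for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and strings are made up).
SAMPLE = {"panel-a": "9.5.4 CentOS 5", "panel-b": "10.3.1",
          "panel-c": "10.4.4", "panel-d": "n/a"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts marked for review still need their Micro-Update state confirmed, since the version number does not record it.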
WordPress Plugin Pierre's Wordspew 'wordspew.php' Multiple SQL Injection Vulnerabilities (5.61)
WordPress Plugin Content Timeline Multiple SQL Injection Vulnerabilities (4.4.2)
WordPress Plugin Popup Like box-Page SQL Injection (3.5.2)
WordPress Plugin Popup Builder-Responsive WordPress Pop up-Subscription & Newsletter SQL Injection (3.44)