Parallels Plesk Panel is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the Server Administration Panel using specially-crafted input to a PHP script, which could allow the attacker to view, add, modify or delete information in the back-end database.
Plesk versions that are affected by the vulnerability:
- Plesk for Linux / Windows 7.x
- Plesk for Linux / Windows 8.x
- Plesk for Linux / Windows 9.x
- Plesk for Linux / Windows 10.0 - 10.3.1
- Update to the latest version of Parallels Plesk or install the Micro-Updates provided by the vendor. Check Web references for more information.
- WordPress Plugin Welcart e-Commerce Multiple SQL Injection Vulnerabilities (1.5.2)
- Joomla! 1.7/2.5 SQL injection vulnerability
- WordPress Plugin LeagueManager Multiple SQL Injection Vulnerabilities (188.8.131.52)
- WordPress Plugin WP Business Intelligence Lite SQL Injection (1.6.1)
- WordPress Plugin Spider Calendar Cross-Site Scripting and SQL Injection Vulnerabilities (1.0.1)