Description

Multiple vulnerabilities were reported in Parallels Plesk Sitebuilder. Parallels Plesk comes with an ISAPI filter named sitepreview.dll. This filter can be abused to bypass the firewall restrictions and access the Sitebuilder interface on port 2006. Using this interface an attacker can upload and execute arbitrary code.

Remediation

Upgrade to the latest version of Parallels Plesk.

References

Multiple Vulnerabilities in Parallels Plesk Sitebuilder

Parallels Plesk Sitebuilder

Related Vulnerabilities

Node.js Inspector Unauthorized Access Vulnerability

Python object deserialization of user-supplied data

Web Cache Deception

Umbraco CMS remote code execution

WordPress Plugin Jekyll Exporter Remote Code Execution (2.2.0)

Severity

High

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality Arbitrary File Creation Code Execution