Parallels Plesk PHP Code Execution And Command Execution Vulnerabilities Network Vulnerability

Summary

This host is installed with Parallels Plesk and is prone to PHP code execution and command execution vulnerabilities.

Impact

Successful exploitation will allow remote attackers to execute PHP code or OS commands. Impact Level: System/Application

Solution

Upgrade to Plesk 11.0.9 or later, http://www.parallels.com/download/plesk

Insight

The flaws are due to improper validation of HTTP POST requests, By sending a specially crafted direct request, an attacker can execute PHP code or OS commands.

Affected

Parallels Plesk versions 9.5.4, 9.3, 9.2, 9.0 and 8.6

References

http://seclists.org/fulldisclosure/2013/Jun/21
http://seclists.org/fulldisclosure/2013/Jun/25
http://www.exploit-db.com/exploits/25986/

Updated on 2017-03-28

Severity

Classification

CVE CVE-2013-3843, CVE-2013-4878

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Arkeia Appliance Multiple Vulnerabilities
4Images <= 1.7.1 Directory Traversal Vulnerability
AdPeeps 'index.php' Multiple Vulnerabilities.
Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
Atutor AContent Multiple SQL Injection and XSS Vulnerabilities

Parallels Plesk PHP Code Execution and Command Execution Vulnerabilities

Take action and discover your vulnerabilities