Plesk XXE Injection Vulnerability Network Vulnerability

Summary

Plesk is prone to a XXE Vulnerability.

Impact

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system or to execute code in the context of the affected application.

Solution

Ask the vendor for an update.

Affected

Plesk versions 10.4.4 and 11.0.9 other versions may also be affected.

Detection

Send a special crafted HTTP POST request and check the response.

References

http://makthepla.net/blog/=/plesk-sso-xxe-xss

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N

Related Vulnerabilities

A Really Simple Chat Multiple SQL Injection Vulnerabilities
artmedic_links5 File Inclusion Vulnerability
ASP-Dev XM Event Diary Multiple Vulnerabilities
Apache Tomcat AJP Protocol Security Bypass Vulnerability
ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability

Take action and discover your vulnerabilities