Description
Multiple vulnerabilities were reported in Parallels Plesk Sitebuilder. Parallels Plesk ships with an ISAPI filter named sitepreview.dll. This filter can be abused to bypass firewall restrictions and reach the Sitebuilder interface on port 2006. Through this interface, an attacker can upload and execute arbitrary code.
Remediation
Upgrade to the latest version of Parallels Plesk.