ID

VAR-E-201306-0201


TITLE

RETIRED: Parallels Plesk Panel Arbitrary PHP Code Injection Vulnerability

Trust: 0.3

sources: BID: 60351

DESCRIPTION

Parallels Plesk Panel is prone to an arbitrary PHP code-injection vulnerability because the application fails to adequately sanitize user-supplied input.
Attackers can exploit this issue to execute arbitrary PHP code within the context of the affected application.
The following versions are affected:
Parallels Plesk Panel 9.5.4
Parallels Plesk Panel 9.3
Parallels Plesk Panel 9.2
Parallels Plesk Panel 9.0
Parallels Plesk Panel 8.6

Trust: 0.3

sources: BID: 60351

AFFECTED PRODUCTS

vendor: parallels, model: plesk panel, scope: eq, version: 8.6

Trust: 0.3

vendor: parallels, model: plesk panel, scope: eq, version: 9.3

Trust: 0.3

sources: BID: 60351

EXPLOIT

Attackers can use a browser to exploit this issue.
The following exploits are available:
/data/vulnerabilities/exploits/60351.pl
/data/vulnerabilities/exploits/60351-1.pl

Trust: 0.3

sources: BID: 60351

PRICE

Free

Trust: 0.3

sources: BID: 60351

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 60351

CREDITS

Kingcope

Trust: 0.3

sources: BID: 60351

EXTERNAL IDS

db: BID, id: 60351

Trust: 0.3

sources: BID: 60351

REFERENCES

url:http://www.parallels.com/products/plesk/

Trust: 0.3

sources: BID: 60351

SOURCES

db: BID, id: 60351

LAST UPDATE DATE

2022-07-27T09:40:27.695000+00:00


SOURCES UPDATE DATE

db: BID, id: 60351, date: 2013-06-07T22:15:00

SOURCES RELEASE DATE

db: BID, id: 60351, date: 2013-06-05T00:00:00