BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Parallels Plesk Remote Code Execution Vulnerability

Disclosed: June 5, 2013
Patch Status: No Patch Available

Vulnerability Description:

Plesk is vulnerable to remote PHP script execution, which results in arbitrary code execution on the vulnerable system. Active exploitation of this vulnerability has been confirmed as early as April 2013. Multiple reports indicate that Plesk 9.2 is affected, while the original researcher claims that multiple versions are affected.

Vendors:

Parallels, Inc.

Vulnerable Software/Devices:

Plesk 9.5.4
Plesk 9.3
Plesk 9.2
Plesk 9.0
Plesk 8.6

Vulnerability Severity:

High

Exploit Availability:

N/A

Exploit Impact:

Remote Code Execution
Exploitation of this vulnerability is possible via a maliciously crafted request. Attackers who successfully exploit this vulnerability will be able to execute code on the vulnerable system with the same rights as Plesk.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 19269 - Plesk Remote Command Execution (Zero Day)

Mitigation:

No mitigations are currently available.

Links:

CVE(s):

None
