Plesk is vulnerable to a remote PHP script execution vulnerability, which results in arbitrary code execution on the vulnerable system. Active exploitation of this vulnerability has been confirmed as early as April 2013. Multiple reports indicate that version 9.2 is affected, while the original researcher claims that multiple versions are affected.
Remote Code Execution
Exploitation of this vulnerability is possible via a maliciously crafted request. Attackers who successfully exploit this vulnerability will be able to execute code on the vulnerable system with the same rights as Plesk.
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
- 19269 - Plesk Remote Command Execution (Zero Day)
No mitigations are currently available.