Signature Detail
Short Name |
HTTP:SQL:INJ:PARALLEL-PLESK |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Parallels Plesk Panel SQL Injection |
Release Date |
2013/04/10 |
Update Number |
2253 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Parallels Plesk Panel SQL Injection
This signature detects attempts to exploit a known issue in the Parallels Plesk Panel. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
Extended Description
Parallels Plesk Panel is prone to an unspecified remote security vulnerability that allows attackers to gain unauthorized administrative access to the application. Attackers can exploit this issue to perform unauthorized actions on the affected application. Successfully exploiting this issue results in complete compromise of the application. Limited technical details are available at this time. We will update this BID as more information emerges. Parallels Plesk Panel versions 7.6.1 through 10.3.1 are vulnerable.
Affected Products
- Parallels Parallels Plesk Panel 10.0
- Parallels Parallels Plesk Panel 10.1
- Parallels Parallels Plesk Panel 10.2
- Parallels Parallels Plesk Panel 10.3
- Parallels Parallels Plesk Panel 9.3
- Parallels Parallels Plesk Panel 9.5
- Parallels Plesk Panel 10.3.1
- Parallels Plesk Panel 7.6.1
- Parallels Plesk Panel 8.6
References
- BugTraq: 52267
- CVE: CVE-2012-1557