HTTP: Parallels Plesk Panel SQL Injection

This signature detects attempts to exploit a known issue in the Parallels Plesk Panel. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

Extended Description

Parallels Plesk Panel is prone to an unspecified remote security vulnerability that allows attackers to gain unauthorized administrative access to the application. Attackers can exploit this issue to perform unauthorized actions on the affected application. Successfully exploiting this issue results in complete compromise of the application. Limited technical details are available at this time. We will update this BID as more information emerges. Parallels Plesk Panel versions 7.6.1 through 10.3.1 are vulnerable.

Affected Products

Parallels parallels_plesk_panel

References

BugTraq: 52267

CVE: CVE-2012-1557

Short Name: HTTP:SQL:INJ:PARALLEL-PLESK

Severity: Major

Recommended: False

Recommended Action: Drop

Category: HTTP

Keywords: CVE-2012-1557 Injection Panel Parallels Plesk SQL bid:52267

Release Date: 04/10/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336

False Positive: Unknown
Vendors

Parallels

CVSS Score

7.5
