Vulnerability Details CVE-2012-1557
SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10216
- http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-windows-updates-release-notes.html#10216
- http://kb.parallels.com/en/113321
- http://secunia.com/advisories/48262
- http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-035.html
- http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html
- http://www.openwall.com/lists/oss-security/2012/03/08/3
- http://www.osvdb.org/79769
- http://www.securityfocus.com/bid/52267
- http://www.securitytracker.com/id?1026760
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73628
- http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10216
- http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-windows-updates-release-notes.html#10216
- http://kb.parallels.com/en/113321
- http://secunia.com/advisories/48262
- http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-035.html
- http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html
- http://www.openwall.com/lists/oss-security/2012/03/08/3
- http://www.osvdb.org/79769
- http://www.securityfocus.com/bid/52267
- http://www.securitytracker.com/id?1026760
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73628
Products affected by CVE-2012-1557
-
cpe:2.3:a:parallels:parallels_plesk_panel:10.0.1
-
cpe:2.3:a:parallels:parallels_plesk_panel:10.1.1
-
cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0
-
cpe:2.3:a:parallels:parallels_plesk_panel:10.3.1
-
cpe:2.3:a:parallels:parallels_plesk_panel:7.0
-
cpe:2.3:a:parallels:parallels_plesk_panel:7.6.1
-
cpe:2.3:a:parallels:parallels_plesk_panel:8.0
-
cpe:2.3:a:parallels:parallels_plesk_panel:8.1
-
cpe:2.3:a:parallels:parallels_plesk_panel:8.2
-
cpe:2.3:a:parallels:parallels_plesk_panel:8.3
-
cpe:2.3:a:parallels:parallels_plesk_panel:8.4
-
cpe:2.3:a:parallels:parallels_plesk_panel:8.6
-
cpe:2.3:a:parallels:parallels_plesk_panel:9.0
-
cpe:2.3:a:parallels:parallels_plesk_panel:9.2
-
cpe:2.3:a:parallels:parallels_plesk_panel:9.3
-
cpe:2.3:a:parallels:parallels_plesk_panel:9.5
-
cpe:2.3:a:parallels:parallels_plesk_panel:9.5.4