Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2012-1557
Last Modified 30 Oct 2012 12:02:42
Published 12 Mar 2012 03:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1557

Summary

SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012.

Vulnerable Systems

Application

  • Parallels Plesk Panel 10.0.1

  • Parallels Plesk Panel 10.1.1

  • Parallels Plesk Panel 10.2.0

  • Parallels Plesk Panel 10.3.1

  • Parallels Plesk Panel 7.0

  • Parallels Plesk Panel 7.6.1

  • Parallels Plesk Panel 8.0

  • Parallels Plesk Panel 8.1

  • Parallels Plesk Panel 8.2

  • Parallels Plesk Panel 8.3

  • Parallels Plesk Panel 8.4

  • Parallels Plesk Panel 8.6

  • Parallels Plesk Panel 9.0

  • Parallels Plesk Panel 9.2

  • Parallels Plesk Panel 9.3

  • Parallels Plesk Panel 9.5

  • Parallels Plesk Panel 9.5.4


References

BID - 52267

OSVDB - 79769

MLIST - [oss-security] 20120308 CVE-request: Parallels Plesk Panel admin/plib/api-rpc/Agent.php Unspecified SQL Injection

MISC - http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html

MISC - http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-035.html

SECUNIA - 48262

CONFIRM - http://kb.parallels.com/en/113321

CONFIRM - http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-windows-updates-release-notes.html#10216

CONFIRM - http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10216

SECTRACK - 1026760


Last Updated: 27 May 2016 10:57:27