SQL Injection Vulnerabilities in Parallels Plesk Panel by Parallels
CVE-2011-4725

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Plesk Panel
Vendor: CVE Published:; 16 December 2011

What is CVE-2011-4725?

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 is exposed to multiple SQL injection vulnerabilities. These flaws enable remote attackers to manipulate SQL queries through specially crafted input to certain PHP scripts, including login_up.php3. Successful exploitation could lead to unauthorized access and execution of arbitrary SQL commands, posing serious security risks to users by compromising sensitive data.

References

http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/72334

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2011
Vulnerability Reserved
Dec 11, 2011