SQL Injection Vulnerability in Parallels Plesk Panel Products
CVE-2012-1557

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Plesk Panel
Vendor: CVE Published:; 12 March 2012

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2012-1557?

A SQL injection vulnerability exists in the Plesk Panel's Admin API that permits remote attackers to execute arbitrary SQL commands through unvalidated input. This flaw was notably exploited in the wild as of March 2012, potentially leading to unauthorized access and data manipulation. Version-specific updates were made to address this security issue, emphasizing the necessity for timely patching and awareness among users to mitigate potential exploits.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2012-1557 - Proof of Concept

References

http://www.h-online.com/security/news/item/Bug-in-Plesk-a...

x_refsource_MISC

http://kb.parallels.com/en/113321

x_refsource_CONFIRM

http://www.osvdb.org/79769

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Mar 12, 2012
👾
Exploit known to exist
Mar 12, 2012
Vulnerability published
Mar 12, 2012
Vulnerability Reserved
Mar 12, 2012

CVE-2012-1557 Data

JSON