SQL Injection Vulnerability in Parallels Plesk Panel Products
CVE-2012-1557

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Plesk Panel
Vendor: CVE Published:; 12 March 2012

What is CVE-2012-1557?

A SQL injection vulnerability exists in the Plesk Panel's Admin API that permits remote attackers to execute arbitrary SQL commands through unvalidated input. This flaw was notably exploited in the wild as of March 2012, potentially leading to unauthorized access and data manipulation. Version-specific updates were made to address this security issue, emphasizing the necessity for timely patching and awareness among users to mitigate potential exploits.

References

http://www.h-online.com/security/news/item/Bug-in-Plesk-a...

x_refsource_MISC

http://kb.parallels.com/en/113321

x_refsource_CONFIRM

http://www.osvdb.org/79769

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Mar 12, 2012
Vulnerability Reserved
Mar 12, 2012