CVE-2012-1557 Information

Description

SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU2, 9.x before 9.5 MU11, 10.0.x before MU13, 10.1.x before MU22, 10.2.x before MU16, and 10.3.x before MU5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012.

Reference

http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html10216
http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-windows-updates-release-notes.html10216
http://kb.parallels.com/en/113321
http://secunia.com/advisories/48262
http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-035.html
http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html
http://www.openwall.com/lists/oss-security/2012/03/08/3
http://www.osvdb.org/79769
http://www.securityfocus.com/bid/52267
http://www.securitytracker.com/id?1026760
https://exchange.xforce.ibmcloud.com/vulnerabilities/73628
