Lucene search

[email protected]CVE-2012-1557

HistoryMar 12, 2012 - 7:55 p.m.

CVE-2012-1557

2012-03-1219:55:01

CWE-89

[email protected]

web.nvd.nist.gov

cve-2012-1557

sql injection

parallels plesk panel

remote attackers

security vulnerability

exploited in the wild

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.5%

JSON

SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012.

Affected configurations

NVD

Node

parallelsparallels_plesk_panelMatch7.0

parallelsparallels_plesk_panelMatch7.6.1

parallelsparallels_plesk_panelMatch8.0

parallelsparallels_plesk_panelMatch8.1

parallelsparallels_plesk_panelMatch8.2

parallelsparallels_plesk_panelMatch8.3

parallelsparallels_plesk_panelMatch8.4

parallelsparallels_plesk_panelMatch8.6

Node

parallelsparallels_plesk_panelMatch9.0

parallelsparallels_plesk_panelMatch9.2

parallelsparallels_plesk_panelMatch9.3

parallelsparallels_plesk_panelMatch9.5

parallelsparallels_plesk_panelMatch9.5.4

Node

parallelsparallels_plesk_panelMatch10.0.1mu_\#10

parallelsparallels_plesk_panelMatch10.0.1mu_\#11

parallelsparallels_plesk_panelMatch10.0.1mu_\#2

parallelsparallels_plesk_panelMatch10.0.1mu_\#3

parallelsparallels_plesk_panelMatch10.0.1mu_\#5

parallelsparallels_plesk_panelMatch10.0.1mu_\#7

Node

parallelsparallels_plesk_panelMatch10.1.1mu_\#10

parallelsparallels_plesk_panelMatch10.1.1mu_\#11

parallelsparallels_plesk_panelMatch10.1.1mu_\#12

parallelsparallels_plesk_panelMatch10.1.1mu_\#13

parallelsparallels_plesk_panelMatch10.1.1mu_\#15

parallelsparallels_plesk_panelMatch10.1.1mu_\#16

parallelsparallels_plesk_panelMatch10.1.1mu_\#17

parallelsparallels_plesk_panelMatch10.1.1mu_\#18

parallelsparallels_plesk_panelMatch10.1.1mu_\#19

parallelsparallels_plesk_panelMatch10.1.1mu_\#20

Node

parallelsparallels_plesk_panelMatch10.2.0mu_\#1

parallelsparallels_plesk_panelMatch10.2.0mu_\#10

parallelsparallels_plesk_panelMatch10.2.0mu_\#11

parallelsparallels_plesk_panelMatch10.2.0mu_\#12

parallelsparallels_plesk_panelMatch10.2.0mu_\#2

parallelsparallels_plesk_panelMatch10.2.0mu_\#3

parallelsparallels_plesk_panelMatch10.2.0mu_\#4

parallelsparallels_plesk_panelMatch10.2.0mu_\#5

parallelsparallels_plesk_panelMatch10.2.0mu_\#7

parallelsparallels_plesk_panelMatch10.2.0mu_\#8

parallelsparallels_plesk_panelMatch10.2.0mu_\#9

Node

parallelsparallels_plesk_panelMatch10.3.1mu_\#2

parallelsparallels_plesk_panelMatch10.3.1mu_\#3

parallelsparallels_plesk_panelMatch10.3.1mu_\#4

CPENameOperatorVersion
parallels:parallels_plesk_panelparallels parallels plesk paneleq7.0
parallels:parallels_plesk_panelparallels parallels plesk paneleq7.6.1
parallels:parallels_plesk_panelparallels parallels plesk paneleq8.0
parallels:parallels_plesk_panelparallels parallels plesk paneleq8.1
parallels:parallels_plesk_panelparallels parallels plesk paneleq8.2
parallels:parallels_plesk_panelparallels parallels plesk paneleq8.3
parallels:parallels_plesk_panelparallels parallels plesk paneleq8.4
parallels:parallels_plesk_panelparallels parallels plesk paneleq8.6

CPE	Name	Operator	Version
parallels:parallels_plesk_panel	parallels parallels plesk panel	eq	7.0
parallels:parallels_plesk_panel	parallels parallels plesk panel	eq	7.6.1
parallels:parallels_plesk_panel	parallels parallels plesk panel	eq	8.0
parallels:parallels_plesk_panel	parallels parallels plesk panel	eq	8.1
parallels:parallels_plesk_panel	parallels parallels plesk panel	eq	8.2
parallels:parallels_plesk_panel	parallels parallels plesk panel	eq	8.3
parallels:parallels_plesk_panel	parallels parallels plesk panel	eq	8.4
parallels:parallels_plesk_panel	parallels parallels plesk panel	eq	8.6

References

download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10216

download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-windows-updates-release-notes.html#10216

kb.parallels.com/en/113321

secunia.com/advisories/48262

www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-035.html

www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html

www.openwall.com/lists/oss-security/2012/03/08/3

www.osvdb.org/79769

www.securityfocus.com/bid/52267

www.securitytracker.com/id?1026760

exchange.xforce.ibmcloud.com/vulnerabilities/73628

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.5%

JSON

Related for CVE-2012-1557

prion1 nvd1 cvelist1