CVE-2012-1557

EUVD-2012-1575
SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
parallelsparallels_plesk_panel
7.0
parallelsparallels_plesk_panel
7.6.1
parallelsparallels_plesk_panel
8.0
parallelsparallels_plesk_panel
8.1
parallelsparallels_plesk_panel
8.2
parallelsparallels_plesk_panel
8.3
parallelsparallels_plesk_panel
8.4
parallelsparallels_plesk_panel
8.6
parallelsparallels_plesk_panel
9.0
parallelsparallels_plesk_panel
9.2
parallelsparallels_plesk_panel
9.3
parallelsparallels_plesk_panel
9.5
parallelsparallels_plesk_panel
9.5.4
parallelsparallels_plesk_panel
10.0.1:mu_\#10
parallelsparallels_plesk_panel
10.0.1:mu_\#11
parallelsparallels_plesk_panel
10.0.1:mu_\#2
parallelsparallels_plesk_panel
10.0.1:mu_\#3
parallelsparallels_plesk_panel
10.0.1:mu_\#5
parallelsparallels_plesk_panel
10.0.1:mu_\#7
parallelsparallels_plesk_panel
10.1.1:mu_\#10
parallelsparallels_plesk_panel
10.1.1:mu_\#11
parallelsparallels_plesk_panel
10.1.1:mu_\#12
parallelsparallels_plesk_panel
10.1.1:mu_\#13
parallelsparallels_plesk_panel
10.1.1:mu_\#15
parallelsparallels_plesk_panel
10.1.1:mu_\#16
parallelsparallels_plesk_panel
10.1.1:mu_\#17
parallelsparallels_plesk_panel
10.1.1:mu_\#18
parallelsparallels_plesk_panel
10.1.1:mu_\#19
parallelsparallels_plesk_panel
10.1.1:mu_\#20
parallelsparallels_plesk_panel
10.2.0:mu_\#1
parallelsparallels_plesk_panel
10.2.0:mu_\#10
parallelsparallels_plesk_panel
10.2.0:mu_\#11
parallelsparallels_plesk_panel
10.2.0:mu_\#12
parallelsparallels_plesk_panel
10.2.0:mu_\#2
parallelsparallels_plesk_panel
10.2.0:mu_\#3
parallelsparallels_plesk_panel
10.2.0:mu_\#4
parallelsparallels_plesk_panel
10.2.0:mu_\#5
parallelsparallels_plesk_panel
10.2.0:mu_\#7
parallelsparallels_plesk_panel
10.2.0:mu_\#8
parallelsparallels_plesk_panel
10.2.0:mu_\#9
parallelsparallels_plesk_panel
10.3.1:mu_\#2
parallelsparallels_plesk_panel
10.3.1:mu_\#3
parallelsparallels_plesk_panel
10.3.1:mu_\#4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10216
http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-windows-updates-release-notes.html#10216
http://kb.parallels.com/en/113321
http://secunia.com/advisories/48262
http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-035.html
http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html
http://www.openwall.com/lists/oss-security/2012/03/08/3
http://www.osvdb.org/79769
http://www.securityfocus.com/bid/52267
http://www.securitytracker.com/id?1026760
https://exchange.xforce.ibmcloud.com/vulnerabilities/73628
http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10216
http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-windows-updates-release-notes.html#10216
http://kb.parallels.com/en/113321
http://secunia.com/advisories/48262
http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-035.html
http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html
http://www.openwall.com/lists/oss-security/2012/03/08/3
http://www.osvdb.org/79769
http://www.securityfocus.com/bid/52267
http://www.securitytracker.com/id?1026760
https://exchange.xforce.ibmcloud.com/vulnerabilities/73628