New plesk exploit on linux versions 9.0-9.23

Yup, as per the title – Parallels alert about new exploit on Plesk linux versions 9.0-9.23. This is just an announce so I will be short.

The PHP Group issued a vulnerability alert that PHP-CGI-based setups contain vulnerability when parsing query string parameters from PHP files. PHP CGI Advisory You can find more information at the PHP‘s website. A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server. As per the Parallels Plesk Lifecycle Policy, these versions do not provide ongoing patch support. Upgrade to the latest version of Parallels Plesk Panel will eliminate this vulnerability.

That’s it! Keep your systems up-to date.

Filed Under: Articles

Anthony Gee About the Author: Anthony G. is an IT specialist with more than 9 years of solid working experience in the Web Hosting industry. Currently works as server support administrator, involved in consultative discussions about Web Hosting and server administration. One of the first writers in the website, now writing for Free Tutorials community - he is publishing tutorials and articles for the wide public, as well as specific technical solutions.

Leave a Reply