PT-2011-5064 · Parallels · Parallels Plesk Panel

Published: 2011-12-16 · Updated: 2019-04-22 · CVE-2011-4734

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Parallels Plesk Panel version 10.2.0 build 20110407.20

Description

The issue concerns SQL injection vulnerabilities in the Control Panel of Parallels Plesk Panel. These vulnerabilities allow remote attackers to execute arbitrary SQL commands by providing crafted input to a PHP script. This is demonstrated through files such as file-manager/ and certain other files.

Recommendations

For Parallels Plesk Panel version 10.2.0 build 20110407.20, consider restricting access to the Control Panel and limiting input to PHP scripts to minimize the risk of exploitation. As a temporary workaround, avoid using the file-manager/ and other affected files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

SQL injection

Weakness Enumeration

Related identifiers

CVE-2011-4734

Affected products

Parallels Plesk Panel