PT-2012-3344 · Parallels · Parallels Plesk Panel

Henri Salo · Published 2012-03-12 · Updated 2018-01-11 · CVE-2012-1557

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Parallels Plesk Panel versions 7.x through 8.x before 8.6 MU#2
Parallels Plesk Panel versions 9.x before 9.5 MU#11
Parallels Plesk Panel versions 10.0.x before MU#13
Parallels Plesk Panel versions 10.1.x before MU#22
Parallels Plesk Panel versions 10.2.x before MU#16
Parallels Plesk Panel versions 10.3.x before MU#5

Description

A SQL injection issue allows remote attackers to execute arbitrary SQL commands via unspecified vectors. This issue was exploited in the wild in March 2012.

Recommendations

For Parallels Plesk Panel versions 7.x through 8.x before 8.6 MU#2, update to 8.6 MU#2 or later.
For Parallels Plesk Panel versions 9.x before 9.5 MU#11, update to 9.5 MU#11 or later.
For Parallels Plesk Panel versions 10.0.x before MU#13, update to MU#13 or later.
For Parallels Plesk Panel versions 10.1.x before MU#22, update to MU#22 or later.
For Parallels Plesk Panel versions 10.2.x before MU#16, update to MU#16 or later.
For Parallels Plesk Panel versions 10.3.x before MU#5, update to MU#5 or later.

Fix

RCE

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2012-1557

Affected Products

Parallels Plesk Panel