Let’s delve into an inventory of Plesk vulnerabilities and perceive their implications. Our Plesk Assist workforce is right here that will help you along with your questions and issues.
Plesk Vulnerabilities Record: Safeguard Your Server
Plesk is a well-liked internet hosting management panel. Nonetheless, it has fallen sufferer to numerous safety vulnerabilities over time, affecting a number of variations of the software program. These vulnerabilities can pose vital dangers to server integrity and information safety.
Because of this we have to implement sturdy safety measures and guarantee constant updates to keep away from potential threats. Let’s take a look at some notable Plesk vulnerabilities and perceive their implications.
Key Plesk Vulnerabilities
- CVE-2023-4931
An uncontrolled search path aspect vulnerability in Plesk Installer model 3.27.0.Zero lets a neighborhood attacker to execute arbitrary code. That is executed by injecting DLL recordsdata into the appliance’s folder.
This results in DLL hijacking in recordsdata like edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll, and profapi.dll.
- CVE-2023-43784
Plesk Onyx 17.8.11 has fields associated to an Amazon AWS Firehose element, particularly accessKeyId and secretAccessKey. The presence of those fields may very well be a possible vulnerability.
- CVE-2023-24044
A bunch header injection difficulty on the login web page of Plesk Obsidian by means of model 18.0.49 lets attackers redirect customers to malicious web sites through a number request header.
- CVE-2023-0829
Moreover, Variations of Plesk from 17.Zero by means of 18.0.31 are weak to cross-site scripting (XSS). This could be a downside if the administrator visits a particular web page in Plesk associated to the malicious subscription.
- CVE-2022-45130
Moreover, Plesk Obsidian is inclined to a cross-site request forgery (CSRF) assault through the /api/v2/cli/instructions REST API, which may change an admin password. That is particular to Plesk’s naming conference post-version 12.
- CVE-2021-45008
Plesk CMS model 18.0.37 has an insecure permissions vulnerability that enables privilege escalation from consumer to admin rights.
- CVE-2021-45007
Additionally, model 18.0.37 of Plesk additionally suffers from a CSRF vulnerability, enabling an attacker to insert information into the consumer and admin panels.
- CVE-2020-11584
Moreover, a GET-based mirrored XSS vulnerability in Plesk Onyx model 17.8.11 lets distant unauthenticated customers inject arbitrary JavaScript, HTML, or CSS through a GET parameter.
- CVE-2020-11583
Equally, Plesk Obsidian model 18.0.17 has a GET-based mirrored XSS vulnerability permitting distant unauthenticated customers to inject arbitrary JavaScript, HTML, or CSS through a GET parameter.
[Need assistance with a different issue? Our team is available 24/7.]
Conclusion
Briefly, our Assist Specialists launched us to the numerous Plesk vulnerabilities and their implications.
