Plesk Panel Apache Arbitrary PHP Code Injection
High Nessus Plugin ID 66844
SynopsisThe remote web server is affected by a remote PHP code code injection
DescriptionThe remote host contains an Apache web server installation that is
included with Parallels Plesk Panel and that is affected by a remote
PHP code injection vulnerability. Due to an Apache configuration
issue, a remote, unauthenticated attacker can exploit this issue by
crafting a request allowing them to execute arbitrary PHP code,
subject to the privileges of the Apache user.
SolutionUpgrade Plesk Panel to the latest available version or refer to the
referenced link for mitigation options.