Plesk Panel Apache Arbitrary PHP Code Injection
High Nessus Plugin ID 66844
SynopsisThe remote web server is affected by a remote PHP code code injection vulnerability.
DescriptionThe remote host contains an Apache web server installation that is included with Parallels Plesk Panel and that is affected by a remote PHP code injection vulnerability. Due to an Apache configuration issue, a remote, unauthenticated attacker can exploit this issue by crafting a request allowing them to execute arbitrary PHP code, subject to the privileges of the Apache user.
SolutionUpgrade Plesk Panel to the latest available version or refer to the referenced link for mitigation options.