Article ID: 113313, created on Feb 13, 2012, last review on Jun 17, 2016

  • Applies to:
  • Plesk 10.3 for Linux/Unix
  • Plesk 10.2 for Linux/Unix
  • Plesk 10.1 for Linux/Unix


NOTE: The issue has been completely fixed in the Plesk 8.6 MU#2, 9.5 MU#11, 10.3 MU#5, and later version. Please refer to the /9294 to check the Micro-update version installed.

This vulnerability allows an anonymous attacker to compromise a Plesk server.


1. Create temorary directory:

# mkdir plesk_remote_vulnerability_fix_deployer

2. Go to created directory:

# cd plesk_remote_vulnerability_fix_deployer

3. Download attached archive plesk_remote_vulnerability_fix_deployer.tar.gz (md5sum: 91113205737ca1034967275543ade79b) and decompress it:

# wget
# tar -xzf plesk_remote_vulnerability_fix_deployer.tar.gz

4. Run following command from created temporary directory:

# /usr/local/psa/admin/bin/php plesk_remote_vulnerability_fix_deployer.php

Additional information

There are two related articles for other platforms and versions of Plesk:

[FIX] Remote vulnerability in Plesk

[FIX] SQL Injection vulnerability in Plesk session on Linux


a914db3fdc7a53ddcfd1b2db8f5a1b9c 29d1e90fd304f01e6420fbe60f66f838 d3c493291d6d9f66837ac7495dfea9ca dd0611b6086474193d9bf78e2b293040 def31538ba607bde27398f48ab5956be f4ce8084cb23619ef5fe9428ecc388ea 56797cefb1efc9130f7c48a7d1db0f0c

Email subscription for changes to this article
Save as PDF