NOTE: The issue has been completely fixed in the Plesk 8.6 MU#2, 9.5 MU#11, 10.3 MU#5, and later version. Please refer to the /9294 to check the Micro-update version installed.
This vulnerability allows an anonymous attacker to compromise a Plesk server.
1. Create temorary directory:
# mkdir plesk_remote_vulnerability_fix_deployer
2. Go to created directory:
# cd plesk_remote_vulnerability_fix_deployer
3. Download attached archive plesk_remote_vulnerability_fix_deployer.tar.gz (md5sum: 91113205737ca1034967275543ade79b) and decompress it:
# wget http://kb.plesk.com/Attachments/18827/Attachments/plesk_remote_vulnerability_fix_deployer.tar.gz # tar -xzf plesk_remote_vulnerability_fix_deployer.tar.gz
4. Run following command from created temporary directory:
# /usr/local/psa/admin/bin/php plesk_remote_vulnerability_fix_deployer.php
There are two related articles for other platforms and versions of Plesk: