This article provides fixes for the most critical vulnerabilities in older Parallels Plesk Panel versions, including 8.x, 9.0.x - 9.5.5, and 10.0.x - 10.4.4 on Linux. Even earlier versions, such as 7.x, 6.x, etc., must be upgraded to a later version that is not vulnerable.
NOTE: The mentioned fixes are available through the following Micro-Updates:
Create a temporary directory:
# mkdir plesk_remote_vulnerability_fix_deployer
Go to the created directory:
# cd plesk_remote_vulnerability_fix_deployer
Download the attached file (md5sum: 7589fba44bd3d5b8c5b5c430a86d79f7) and decompress it:
# wget http://kb.plesk.com/Attachments/kcs-23896/plesk_remote_vulnerability_fix_deployer.tar.gz # tar -xzf plesk_remote_vulnerability_fix_deployer.tar.gz
Run the following command from the created temporary directory:
# /usr/local/psa/admin/bin/php plesk_remote_vulnerability_fix_deployer.php
NOTE: To simplify a mass deployment in the Parallels Virtuozzo Containers (PVC) for Linux environment, it is recommended that you utilize the plesk_remote_vulnerability_fix_mass_deployer script:
Upload this archive to a separate folder on the Hardware Node: plesk_remote_vulnerability_fix_mass_deployer.tar.gz (md5sum: 2dd4f90ca8f591814dd7d7d2cf2e8477)
Unpack the archive:
# tar -xzf plesk_remote_vulnerability_fix_mass_deployer.tar.gz
Run the contained shell script as root:
If you have 9.5.4 for Linux or 9.5.4/9.5.5 for Windows, both of which are managed by Parallels Expand, Parallels Plesk Panel 9.5.4 and Parallels Plesk Expand 2.3.2+ Compatibility Patch should be installed after applying the MUs or custom fixes.