Article ID: 2159, created on Sep 10, 2007, last review on Aug 12, 2014

Applies to:

  • Plesk 8.2 for Windows
  • Plesk 8.1 for Windows
  • Plesk 7.6 for Windows


NOTE: The issue has been completely fixed in Plesk 8.3.

This vulnerability allows anonymous attackers to compromise the Plesk application remotely.


Download one of the following files:

For Plesk 7.6.1

For Plesk 8.1.0

For Plesk

For Plesk

For Plesk 8.2

and place it in the %plesk_dir%\admin\auto_prepend folder.

Note: Please see how to install Plesk hotfixes properly.

No additional actions are required. Plesk is now secured.

Additional Information

Plesk versions released prior to 7.6.1 must be upgraded to one of the latest versions, after which the corresponding patch should be applied.

You can learn how to fix the vulnerability in Plesk 8.6, 9.3, and 9.5 for Windows in the corresponding KB article.

Learn how to fix the directory traversal vulnerability in the Horde Framework in this KB article.

[FIX] To fix the SQL Injection vulnerability for older versions of Plesk for Linux, refer to this KB article.
