Symptoms
NOTE: The issue has been completely fixed in Plesk 8.3.
This vulnerability allows anonymous attackers to compromise the Plesk application remotely.
Resolution
Download one of the following files:
For Plesk 7.6.1
For Plesk 8.1.0
For Plesk 220.127.116.11
For Plesk 18.104.22.168
For Plesk 8.2
and place it in the %plesk_dir%\admin\auto_prepend folder.
Note: Please see how to install Plesk hotfixes properly.
No additional actions are required. Plesk is secured now.
Plesk versions released prior to 7.6.1 must be upgraded to one of the latest versions, after which the corresponding patch should be applied.
You can learn how to fix the vulnerability in Plesk 8.6, 9.3, and 9.5 for Windows in the corresponding KB article.
Learn how to fix the directory traversal vulnerability in the Horde Framework in this KB article.
[FIX] To fix the SQL Injection vulnerability for older versions of Plesk for Linux, refer to this KB article.