VIR Vulnerability Intelligence Relay

CVE-2012-1557

high
Published 2012-03-12 · Modified 2026-04-29
CVSS v3
CVSS v2
7.5
VIR risk
7.5

Description

SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://secunia.com/advisories/48262

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://kb.parallels.com/en/113321

Application impact
VendorProductVersionsFixed
parallelsparallels_plesk_panel7.0
parallelsparallels_plesk_panel7.6.1
parallelsparallels_plesk_panel8.0
parallelsparallels_plesk_panel8.1
parallelsparallels_plesk_panel8.2
parallelsparallels_plesk_panel8.3
parallelsparallels_plesk_panel8.4
parallelsparallels_plesk_panel8.6
parallelsparallels_plesk_panel9.0
parallelsparallels_plesk_panel9.2
parallelsparallels_plesk_panel9.3
parallelsparallels_plesk_panel9.5
parallelsparallels_plesk_panel9.5.4
parallelsparallels_plesk_panel10.0.1
parallelsparallels_plesk_panel10.1.1
parallelsparallels_plesk_panel10.2.0
parallelsparallels_plesk_panel10.3.1

References

CWEs

CWE-89

Verify integrity in audit chain (admin only). AS-IS.