Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll,.....
7.8CVSS
8.1AI Score
0.001EPSS
Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious...
9CVSS
8.8AI Score
0.001EPSS
Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege Escalation from user to admin rights. OTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk...
8.8CVSS
8.6AI Score
0.001EPSS
Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk...
6.5CVSS
6.5AI Score
0.001EPSS
Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a)...
7.7AI Score
0.005EPSS
Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Windows allow remote attackers to execute arbitrary SQL commands via a PLESKSESSID cookie to (1) login.php3 or (2)...
9.4AI Score
0.001EPSS
Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) login.php3 or (2)...
7.1AI Score
0.036EPSS
Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the locale_id...
7.5AI Score
0.005EPSS
Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2)...
5.9AI Score
0.007EPSS
Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote attackers to list arbitrary directories via a ../ (dot dot slash) in the file parameter in a chdir...
7.6AI Score
0.017EPSS
Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter. NOTE: this might be the same vector as...
5.8AI Score
0.006EPSS