Security vulnerability in Standalone WPB 11.5

Created: 2016-11-16 13:25:05 UTC

Modified: 2017-08-16 18:27:13 UTC


Applicable to:

  • Web Presence Builder for Linux

Situation

An internal security audit revealed a high-severity security issue in Web Presence Builder 11.5 (WPB) for Standalone installations. The overall CVSS score is 6.7.

Note: PA-integrated WPB and WPB for Parallels Plesk are NOT affected; this issue applies to Standalone WPB only.

Impact

A WPB user can upload and execute an arbitrary script on the WPB server in the security context of the web server user.

Resolution

Download this patch

# mkdir patch
# cd patch
# wget https://support.plesk.com/hc/article_attachments/115004388989/ppb_std_11.5.13_patch_4372.zip

Create a copy of the original file

# cp -ap /usr/local/sb/include/SB/Facade/Service/Site.php{,.orig}

Unzip the patch archive

# unzip ppb_std_11.5.13_patch_4372.zip

Apply the patched file

# cp ./include/SB/Facade/Service/Site.php /usr/local/sb/include/SB/Facade/Service/
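
To confirm the steps above took effect, the following check compares the installed Site.php with the one from the patch archive and confirms the backup of the original exists. It is an added example, not part of the original article or the vendor's patch; the function name verify_wpb_patch, its two directory arguments and its return codes are assumptions.

```shell
#!/bin/sh
# Added example: post-patch verification for the procedure above.
# REL is the file path from the article; the directory arguments are
# assumptions so the check can also be run against a test tree.
REL=include/SB/Facade/Service/Site.php

# verify_wpb_patch PATCH_DIR INSTALL_ROOT
#   PATCH_DIR     directory where the zip was unpacked (./patch in the article)
#   INSTALL_ROOT  WPB root directory (/usr/local/sb in the article)
# Prints one status line; returns 0 only when the patched file is in place
# and the pre-patch original is still available as Site.php.orig.
verify_wpb_patch() {
    patched="$1/$REL"
    live="$2/$REL"
    backup="$live.orig"

    if [ ! -f "$patched" ]; then
        echo "FAIL: $patched not found (archive not unpacked?)"; return 2
    fi
    if [ ! -f "$live" ]; then
        echo "FAIL: $live does not exist"; return 2
    fi
    if [ ! -f "$backup" ]; then
        echo "FAIL: no backup at $backup"; return 3
    fi
    # The installed file must be byte-identical to the file in the patch.
    if ! cmp -s "$patched" "$live"; then
        echo "FAIL: $live differs from the patched file (patch not applied)"; return 1
    fi
    # A backup equal to the installed file was taken after patching (or the
    # host was already patched), so no pre-patch copy exists for rollback.
    if cmp -s "$backup" "$live"; then
        echo "WARN: $backup equals the patched file; original not preserved"; return 4
    fi
    echo "OK: patched Site.php deployed, original kept as Site.php.orig"
    return 0
}

# Run directly as: sh verify.sh ./patch /usr/local/sb
if [ "$#" -eq 2 ]; then
    verify_wpb_patch "$1" "$2"
fi
```
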

Parallels takes the security of our customers very seriously and encourages you to take the recommended actions as soon as possible.
