Wikimedia Hundreds of thousands of websites could be endangered by publicly available attack code exploiting a critical vulnerability in the Plesk control panel . This particular vulnerability gives hackers control of the server it runs on according to security researchers. The code-execution vulnerability affects default versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 of Plesk running on the Linux and FreeBSD operating systems, a configuration used by more than 360,000 websites . Plesk running on Windows and other types of Unix haven’t been tested to see if those configurations are vulnerable as well. The exploit code was released Wednesday on the Full-Disclosure mailing list by “kingcope,” a pseudonymous security researcher who has frequented the forum for years. He has a proven track record for developing reliable exploits. “This vulnerability has a high severity rating,” kingcope wrote in an e-mail to Ars. “An attacker can use this exploit to get a command line shell remotely with the privileges of the configured Apache user.” Read 7 remaining paragraphs | Comments
See more here:
More than 360,000 Apache websites imperiled by critical Plesk vulnerability
