CVE-2014-2546, CVE-2014-2547, CVE-2014-2548, Parallels Panel for Windows Version 11.5.30

CVE Assignments for Parallels Panel for Windows Version 11.5.30

Parallels Panel for Windows Version 11.5.30 contains multiple vulnerabilities which may lead to SQL injection and privilege escalation.

Author: Hoyt LLC
Date: August 12, 2014
Subject: CVE Assignments for Parallels Panel for Windows Version 11.5.30

  1. CVE-2014-2546 Multiple Unspecified Parameterized XSS Vulnerabilities (CWE-79) requiring Authentication
  2. CVE-2014-2547 Multiple Unspecified Parameterized Information Disclosure Vulnerabilities (CWE-200) requiring Authentication
  3. CVE-2014-2548 Multiple Unspecified Parameterized SQL Injection Vulnerabilities (CWE-89) requiring Authentication

REMEDY
All Parallels Panel for Windows Version 11.5.30 customers should UPGRADE to Plesk Panel Version 12 from within their Panel.

PoC
To be published once a reasonable amount of time has elapsed to permit exploitable sites to upgrade.