Plesk end user can get admin rights


We just received the message that all Plesk versions have been running since 12.x to 17.x. security breach which allow the end user to read files of the psaadm user. Thus one can obtain entrance to the Admin user and eg commands as root user To run.

On the 15.4. the gap should be published by the manufacturer Plesk.

Until then, all Plesk servers must be upgraded to the latest version. 12.x updates were also provided for the old end-of-life versions.

How do I update my system?

by SSH eg simply execute the following command as root:

For Plesk 17.x:

plesk installer update

For Plesk 12.5:

plesk installer --select-release-current --reinstall-patch --upgrade-installed-components

For Plesk 12.0:

/usr/local/psa/admin/sbin/autoinstaller --select-product-id plesk --select-release-current --reinstall-patch --install-component panel

or in Plesk even about the update function. To do this, log in as an admin and look for updates. It makes sense to update the operating system in this context and to activate the auto-update function.


Please enter your comment!
Please enter your name here