Plesk end customers can gain admin rights

We have just received word that all Plesk versions from 12.x to 17.x contain a security vulnerability that allows an end user to read files of the psaadm user. This makes it possible to gain access to the admin user and, for example, to execute commands as the root user.

On 15.4. the vulnerability is to be published by the vendor, Plesk.

By then, all Plesk servers should be updated to the latest version. Updates have also been provided for the old end-of-life 12.x versions.

How do I update my system?

Via SSH, for example, simply execute the following command as root:

For Plesk 17.x:

plesk installer update

For Plesk 12.5:

plesk installer --select-release-current --reinstall-patch --upgrade-installed-components

For Plesk 12.0:

/usr/local/psa/admin/sbin/autoinstaller --select-product-id plesk --select-release-current --reinstall-patch --install-component panel

Alternatively, update from within Plesk itself using the update function. The best way to do this is to log in as admin and check for updates. In this context it also makes sense to update the operating system and activate the auto-update function.
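For anyone updating several servers, the following added example (not part of the original post and not Plesk's own tooling) picks the matching command from the list above based on a version string and prints a dry-run plan; it executes no update. The version file path /usr/local/psa/version, its format, and the host names in the sample are assumptions.

```shell
#!/bin/sh
# Added example (not Plesk's own tooling): pick the update command listed on
# this page from a Plesk version string and print a dry-run plan.
# Assumption: the version file begins with the dotted version ("17.8.11 ...").
VERSION_FILE="${VERSION_FILE:-/usr/local/psa/version}"

# Print the command this page lists for a version; return 1 if it lists none.
plesk_update_cmd() {
    ver=${1%% *}          # keep only the first word, e.g. "17.8.11"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$major.$minor" in
        17.*) echo "plesk installer update" ;;
        12.5) echo "plesk installer --select-release-current --reinstall-patch --upgrade-installed-components" ;;
        12.0) echo "/usr/local/psa/admin/sbin/autoinstaller --select-product-id plesk --select-release-current --reinstall-patch --install-component panel" ;;
        *)    return 1 ;;
    esac
}

# Read "host version" lines on stdin and print one plan line per host.
plan_updates() {
    while read -r host ver extra; do
        [ -n "$host" ] || continue
        if cmd=$(plesk_update_cmd "$ver"); then
            printf '%s\t%s\n' "$host" "$cmd"
        else
            printf '%s\tMANUAL: no command listed for version %s\n' "$host" "${ver:-unknown}"
        fi
    done
}

# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY='web1.example 17.8.11
web2.example 12.5.30
old1.example 12.0.18
lab1.example 11.5.30'
printf '%s\n' "$SAMPLE_INVENTORY" | plan_updates

# On a Plesk server, also show the plan for the local installation.
if [ -r "$VERSION_FILE" ]; then
    printf 'localhost %s\n' "$(head -n 1 "$VERSION_FILE")" | plan_updates
fi
```

Hosts reported as MANUAL run a version for which this page lists no command and need to be checked by hand.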

 
