Parallels Plesk Panel: PHP-CGI remote code execution vulnerability (CVE-2012-1823)

Article ID: 113818, created on May 4, 2012, last review on Aug 12, 2014

  • Plesk 9.2 for Linux/Unix
  • Plesk 9.0 for Linux/Unix


On May 3, 2012, a remote code execution vulnerability in PHP-CGI was disclosed to the general public (CVE-2012-1823).
This is a critical vulnerability affecting software that runs PHP as CGI (PHP-CGI).
PHP-FastCGI is not vulnerable to this exploit.

Parallels Plesk Panel (PP) for Windows versions 10.4 and earlier are NOT affected.

PP for Linux versions 9.3 - 10.4 are NOT affected by the PHP-CGI remote code execution vulnerability because they use the special cgi_wrapper script.
PP for Linux versions 8.6 and earlier are NOT affected because they use mod_php only.

PP for Linux versions 9.0 - 9.2.3 might be vulnerable.


To fix this issue on PP for Linux 9.0 - 9.2.3, apply one of the following workarounds:

1. It is strongly recommended that you update PP to the latest version that is not vulnerable.

Parallels' End of Life policy is available here:

2. The CGI wrapper is the recommended way to work around the issue if updating PP is not possible.

Parallels has prepared a script that automatically updates the server with the wrapper.
Download the archived script cve-2012-1823-wa_pp.tgz from the attachment to the server running Parallels Plesk Panel for Linux 9.0 - 9.2.3.
Extract it from the archive and execute it:

# wget
# tar xfz cve-2012-1823-wa_pp.tgz
# cd cve-2012-1823-wa_pp
# bash

3. It is also possible to work around the problem with .htaccess rules for each website.

RewriteEngine on
RewriteCond %{QUERY_STRING} ^[^=]*$
RewriteCond %{QUERY_STRING} %2d|\- [NC]
RewriteRule .? - [F,L]

This workaround requires the configuration to be applied per webspace, which makes it complicated when thousands of webspaces are hosted.
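As an added illustration (not part of the Parallels article or its script), the following Python replicates the two RewriteCond tests above so that they can be run over existing Apache access logs to see which past requests the rules would have refused; the log lines and client addresses are constructed samples.

```python
import re
from urllib.parse import urlsplit

# Mirrors the two RewriteCond lines from the .htaccess workaround:
#   ^[^=]*$       -> the query string contains no '=', so php-cgi would take it as argv
#   %2d|\- [NC]   -> it contains a literal '-' or a URL-encoded one ('%2d'), case-insensitive
NO_EQUALS = re.compile(r"^[^=]*$")
HAS_DASH = re.compile(r"%2d|-", re.IGNORECASE)

def query_would_be_blocked(query: str) -> bool:
    """True if Apache would answer 403 for this raw QUERY_STRING under the rules."""
    return bool(NO_EQUALS.match(query)) and bool(HAS_DASH.search(query))

# Combined/common log format: client ident user [time] "METHOD TARGET PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def flag_log_lines(lines):
    """Return (client, request_target, status) for each request the rule set would block."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, _method, target, status = m.groups()
        query = urlsplit(target).query  # raw, not percent-decoded, like %{QUERY_STRING}
        if query and query_would_be_blocked(query):
            hits.append((client, target, int(status)))
    return hits

# Constructed sample lines (hypothetical clients and requests, not from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [04/May/2012:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '203.0.113.7 - - [04/May/2012:10:00:02 +0000] "GET /index.php?-x HTTP/1.1" 200 1024',
    '203.0.113.7 - - [04/May/2012:10:00:03 +0000] "GET /index.php?%2Dx HTTP/1.1" 200 1024',
    '203.0.113.9 - - [04/May/2012:10:00:04 +0000] "GET /index.php?id=1&sort=-date HTTP/1.1" 200 256',
    '203.0.113.9 - - [04/May/2012:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 256',
]

if __name__ == "__main__":
    for client, target, status in flag_log_lines(SAMPLE_LOG):
        print(f"would be refused: {client} {target} (served {status})")
```

The fourth sample shows the deliberate limit of the rules: a query that contains '=' is left alone even though it carries a dash, because php-cgi only treats an '='-free query string as command-line arguments.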

Additional information

Note that this vulnerability affects websites created with the help of Parallels Operations Automation. For more details, read the following article:

113814 PHP-CGI remote code execution vulnerability (CVE-2012-1823) in Parallels Automation

