Article ID: 123533, created on Nov 13, 2014, last review on Nov 14, 2014

Situation

An internal security audit revealed a high-severity security issue in Web Presence Builder 11.5 (WPB) for Standalone installations. The overall CVSS score is 6.7.

Note: PA-integrated WPB and WPB for Parallels Plesk are NOT affected. This issue applies to Standalone WPB only!

Impact

A WPB user may be able to upload and execute an arbitrary script on the WPB server in the security context of the web server user.

Resolution

Download this patch

# mkdir patch
# cd patch 
# wget https://kb.odin.com/Attachments/kcs-41886/ppb_std_11.5.13_patch_4372.zip

Create a copy of the original file

# cp -ap /usr/local/sb/include/SB/Facade/Service/Site.php{,.orig} 

Unzip the patch archive

# unzip ppb_std_11.5.13_patch_4372.zip

Apply the patched file

# cp ./include/SB/Facade/Service/Site.php /usr/local/sb/include/SB/Facade/Service/
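
The backup and copy steps above as one rerunnable shell function. This is an added example, not part of the original article or the vendor's patch. The function name apply_wpb_patch and its arguments are assumptions, and it expects the zip to be already unpacked. It keeps the first .orig backup on a rerun and checks that the installed file matches the patched one.

```shell
#!/bin/sh
# Added example: the article's backup/copy steps as one rerunnable function.
# Usage (hypothetical name and arguments):
#   apply_wpb_patch PATCH_DIR [SB_ROOT]
# PATCH_DIR is where the zip was unpacked; SB_ROOT defaults to /usr/local/sb.
REL=include/SB/Facade/Service/Site.php

apply_wpb_patch() {
    patch_dir=$1
    sb_root=${2:-/usr/local/sb}
    new="$patch_dir/$REL"
    target="$sb_root/$REL"

    [ -f "$new" ] || { echo "patched file not found: $new" >&2; return 2; }
    [ -f "$target" ] || { echo "installed file not found: $target" >&2; return 2; }

    # Already applied: leave the file and any existing backup alone.
    if cmp -s "$new" "$target"; then
        echo "already patched: $target"
        return 0
    fi

    # Keep only the first backup, so a rerun never replaces the pristine
    # original with a file that was already modified.
    if [ ! -e "$target.orig" ]; then
        cp -p "$target" "$target.orig" || return 1
    fi

    # Overwrite in place, which keeps the installed file's owner and mode.
    cp "$new" "$target" || return 1

    # Confirm the installed file is now byte-identical to the patched one.
    if cmp -s "$new" "$target"; then
        echo "patched: $target (backup: $target.orig)"
        return 0
    fi
    echo "verification failed for $target" >&2
    return 1
}
```

From the patch directory, after unzip, this would be called as: apply_wpb_patch . /usr/local/sb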

Parallels takes the security of our customers very seriously and encourages you to take the recommended actions as soon as possible.
