Search Engine: Elastic

Article ID: 123533, created on Nov 13, 2014, last review on Nov 14, 2014


Internal security audit revealed high security issue in Web Presence Builder 11.5 (WPB) for Standalone installations. Overall CVSS score 6.7

Note: PA integrated WPB as well as WPB for Parallels Plesk versions are NOT affected, applicable to Standalone WPB only!


There is a possibility for a WPB user to upload and execute arbitrary script on a WPB server in web server user security context.


Download this patch

# mkdir patch
# cd patch 
# wget

Create a copy of original file

# cp -ap /usr/local/sb/include/SB/Facade/Service/Site.php{,.orig} 

Unzip it

# unzip

Apply the patched file

# cp ./include/SB/Facade/Service/Site.php /usr/local/sb/include/SB/Facade/Service/

Parallels takes the security of our customers very seriously and encourages you to take the recommended actions as soon as possible.

Email subscription for changes to this article
Save as PDF