• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Question vulnerability CVE-2021-21708 - PHP Code Execution

D

DanielJ

New Pleskian
Hello Pleskians and Plesk-Team!
i saw a new exploit in PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3,
As u can read here: NVD - CVE-2021-21708 or you do a quick google search on your own: "CVE-2021-21708"

So as workaround for now we surely can update our php-versions to 8.1.3 . But will there be a patch for this vulnerability?
 
You must log in or register to reply here.

Similar threads

J.Wick
Issue Multiple Vulnerabilities in PHP 5 thru 8.3.7 Could Allow for Remote Code Execution - PATCH NOW
Replies
2
Views
2K
Tobias Sorensson
T
M
Issue unable to add component PLESK-PHP8.2.
Replies
1
Views
2K
Nikolay
Nikolay
A
Resolved Can't remove php handler from list - the PHP handler "plesk-php56-fastcgi" is not found
Replies
7
Views
4K
tfrank7
T
jhernanper
Issue Unable to install SuiteCRM: Symfony Runtime Exception. Tried everything - desperate
Replies
1
Views
5K
Maarten
M
R
Question Apache FilesMatch directive vulnerability in CentOS 7....
Replies
1
Views
2K
IgorG
IgorG
Back
Top