EIP-2026-110476

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110476. PoCs published by alieye.

AI-analyzed exploit summary This exploit details multiple vulnerabilities in Parallels Plesk Sitebuilder, including authentication bypass, arbitrary file upload, arbitrary file download, XSS, and unauthorized website creation. It provides step-by-step instructions for exploiting these flaws, particularly focusing on uploading a shell via a file extension manipulation technique.

Description

Parallels Plesk Sitebuilder 9.5 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by alieye · textwebappsphp

https://www.exploit-db.com/exploits/34593

View Code ZIP pw:eip

This exploit details multiple vulnerabilities in Parallels Plesk Sitebuilder, including authentication bypass, arbitrary file upload, arbitrary file download, XSS, and unauthorized website creation. It provides step-by-step instructions for exploiting these flaws, particularly focusing on uploading a shell via a file extension manipulation technique.

Classification

Working Poc 90%

Attack Type

Auth Bypass | Rce | Info Leak | Xss

Complexity

Moderate

Reliability

Reliable

Target: Parallels Plesk Sitebuilder 4.5 (and associated Plesk Panel 9.5)

No auth needed

Prerequisites: Access to the target web interface · Live HTTP Headers tool for file upload exploitation · A crafted shell file for RCE

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1003 - OS Credential Dumping T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Parallels Plesk Sitebuilder 9.5 - Multiple Vulnerabilities

Exploitation Summary

Description

Exploits (1)

Details