What is it about?
A critical vulnerability CVE-2020-13166 has been discovered in MyLittleAdmin v3.8 and lower, that allows a remote attacker to execute commands on the server. An attacker can exploit the vulnerability and send a payload that starts an executable process in the context of IIS Application Engine.
Kindly refer to the link below for complete details:
-------
https://ssd-disclosure.com/ssd-advisory-mylittleadmin-preauth-rce/
-------
Who is affected?
All Windows servers with MyLittleAdmin v3.8 and lower installed and Plesk installations having the MyLittleAdmin component.
What needs to be done on the server to fix this?
Shared servers:
On our shared Windows hosting platforms, our system administration team is taking the necessary measures to mitigate this vulnerability across all servers.
Dedicated Windows servers:
For Dedicated Windows hosting platforms, we recommend removing the MyLittleAdmin component from Plesk or removing the vulnerable machine key by following the steps mentioned in the below URL:
--------
https://support.plesk.com/hc/en-us/articles/360013996240
--------
For independent MyLittleAdmin installations, you can uninstall the tool ‘myLittleAdmin for SQL Server’, under Control Panel>Uninstall a Program and click ‘Uninstall’
Friday, June 5, 2020
Powered by WHMCompleteSolution
