Product:
Search Type:

[FIX] SQL Injection vulnerability

Article ID: 2159 
Last Review: Sep,27 2007
APPLIES TO:
  • Plesk 7.6.1 for Windows
  • Plesk 8.1.0 for Windows
  • Plesk 8.1.1.2 for Windows
  • Plesk 8.2.0 for Windows

SYMPTOMS

SQL injection vulnarability which allows to modify Plesk database.

RESOLUTION

Please download the following file:

For Plesk 7.6.1

http://download1.swsoft.com/Plesk/Autoupdate/Windows/7.6.1/123413/auth.php3

For Plesk 8.1.0

http://download1.swsoft.com/Plesk/Autoupdate/Windows/8.1.0/123413/auth.php3

For Plesk 8.1.0.3

http://download1.swsoft.com/Plesk/Autoupdate/Windows/8.1.0.3/123413/auth.php3

For Plesk 8.1.1.2

http://download1.swsoft.com/Plesk/Autoupdate/Windows/8.1.1.2/123413/auth.php3

For Plesk 8.2

http://download1.swsoft.com/Plesk/Autoupdate/Windows/8.2.0/123413/auth.php3

and place it to %plesk_dir%\admin\auto_prepend folder.

Note: Please see how to install Plesk hotfixes properly.

No other additional actions are required. Plesk is secured now.

Additional information

Plesk versions below 7.6.1 must be upgraded to one of the latest versions and corresponding patch should be applied there.


Please provide feedback on this article

Did this article help you solve your issue?
Yes
No
Partially
I do not know yet
 
Strongly Agree   Strongly Disagree
  9 8 7 6 5 4 3 2 1
The article is easy to understand
The article is accurate
Additional Comments:
*Please provide us with your email address in case we need to contact you.
*Please type the code you can see.
* - required fields