[FIX] DB Webadmin vulnerability

Article ID: 2231 
Last Review: Oct,6 2008
Author: Basalyko Roman APPLIES TO:
  • Plesk 8.2.0 for Windows

Symptoms

Domain users can have an access to databases from different domains.

Resolution

1. Please download the following file and place it to
%plesk_dir%\admin\htdocs\domains\databases folder:

http://download1.swsoft.com/Plesk/Autoupdate/Windows/8.2.0/124656/db_webadmin.php

2. Download the following file and place to %plesk_dir%\admin\plib folder:

http://download1.swsoft.com/Plesk/Autoupdate/Windows/8.2.0/124656/class.DataBase.php3 

3. Download the files below and place them to %plesk_dir%\admin\plib\user folder:

http://download1.swsoft.com/Plesk/Autoupdate/Windows/8.2.0/124656/User.php
http://download1.swsoft.com/Plesk/Autoupdate/Windows/8.2.0/124656/UserAdmin.php
http://download1.swsoft.com/Plesk/Autoupdate/Windows/8.2.0/124656/UserClient.php
http://download1.swsoft.com/Plesk/Autoupdate/Windows/8.2.0/124656/UserDomain.php
http://download1.swsoft.com/Plesk/Autoupdate/Windows/8.2.0/124656/UserMailName.php
http://download1.swsoft.com/Plesk/Autoupdate/Windows/8.2.0/124656/UserNone.php 

Note: Please see how to install Plesk hotfixes properly.

Additional information

%plesk_dir% is environment variable which points to Plesk installation folder. By default it is C:\Program Files\SWsoft\Plesk

%plesk_bin% is environment variable which points to Plesk binaries folder. By default it is C:\Program Files\SWsoft\Plesk\admin\bin

Subscription for this article changesSubscription for this article changes

Please provide feedback on this article

Did this article help you solve your issue?
Yes
No
Partially
I do not know yet
 
Strongly Agree   Strongly Disagree
  9 8 7 6 5 4 3 2 1
The article is easy to understand
The article is accurate
Additional Comments:
*Please provide us with your email address in case we need to contact you.
captcha *Please type the code you can see.
* - required fields