In association with heise online

14 September 2007, 13:52

Security update for PLESK server configuration tool [Update]

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Software vendor SWSoft has reported a hole in PLESK for Windows, its web-based configuration tool for Web servers and Web hosting. An SQL injection vulnerability allows the PLESK database to be manipulated. SWSoft have not provided any details, but according to reports a flaw in the auth.php3 file opens up the hole when PLESKSESSID cookies are analyzed.

Only Plesk versions 7.6.1, 8.1.0, 8.1.1 and 8.2.0 for Windows are affected. The vendor has released a revised version of the auth.php3 file, which users are advised to download and install in the directory %plsek_dir%\admin\auto_prepend.

The Linux versions of PLESK Plesk 8.2.0, Plesk 8.0.0, Plesk 8.0.1 and Plesk 8.1.0 are also vulnerable. The software vendor has also provided an update for that operating system.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit