CVE-2020-13166: myLittleAdmin vulnerabilityCVE-2020-13166: myLittleAdmin vulnerability

Vulnerability CVE-2020-13166 was discovered in myLittleAdmin

Remove myLittleAdmin from Plesk:

Remove myLittleAdmin from Plesk:

Log in to Plesk
Go to Tools & Settings > Updates > Add/Remove components and uncheck myLittleAdmin:
sql.JPG
Click Continue

As an alternative, to manage MS SQL databases it is recommended to use Microsoft SQL Management studio.

Note: Unlikely software vendor will issue any security patches/updates to address this vulnerability.
We are going to remove the ability to install this vulnerable software using Plesk soon.

Connect to the server via RDP

Delete the following lines from %PLESK_DIR%\MyLittleAdmin\web.config:

<machineKey
validationKey=”5C7EEF6650639D2CB8FAA0DA36AF24452DCF69065F2EDC2C8F2F44C0220BE2E5889CA01A207FC5FCE62D1A5A4F6D2410722261E6A33E77E0628B17AA928039BF”

decryptionKey=”DC47E74EA278F789D2FF0E412AD840A89C10171F408D8AC4″
validation=”SHA1″ />