News
CVE-2020-13166: myLittleAdmin vulnerabilty
Posted by Technical Manager on 05 June 2020 12:01 PM

Applicable to: Plesk for Windows

Situation

Vulnerability CVE-2020-13166 was discovered in myLittleAdmin: https://ssd-disclosure.com/ssd-advisory-mylittleadmin-preauth-rce/

Vulnerability Summary

MyLittleAdmin is a web-based management tool specially designed for MS SQL Server. It fully works with MS SQL Server. While the product appears to be discontinued (no new releases since 2013) it is still being offered on the company web site as well as part of the optional installation of Plesk. Furthermore, there are numerous active installations present on the Internet. An unauthenticated RCE vulnerability in the product allows remote attackers to execute arbitrary commands within the context of the IIS application engine.

Impact

If myLittleAdmin is installed, an unauthenticated remote attacker can run arbitrary code on behalf of IUSRPLESK_sqladmin.

As an alternative, to manage MS SQL databases it is recommended to use Microsoft SQL Management studio.


Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).

iWHOST Support System