- Plesk for Windows
Vulnerability CVE-2020-13166 was discovered in myLittleAdmin: https://ssd-disclosure.com/ssd-advisory-mylittleadmin-preauth-rce/
If myLittleAdmin is installed, an unauthenticated remote attacker can run arbitrary code with the privileges of IUSRPLESK_sqladmin.
Call to Action
If you'd like to continue using myLittleAdmin without removing it:
- Connect to the server via RDP
- Delete the following lines from
Note: Consider updating Plesk to the latest version, because since version 18.0.28 this workaround is applied automatically. For Plesk Onyx 17.5 and 17.8, it will be available in the next micro update.
If you are not using myLittleAdmin:
Remove myLittleAdmin from Plesk:
- Log in to Plesk
- Go to Tools & Settings > Updates > Add/Remove components and uncheck myLittleAdmin
- Click Continue
As an alternative for managing MS SQL databases, Microsoft SQL Management Studio is recommended.