- Plesk for Windows
Vulnerability CVE-2020-13166 was discovered in myLittleAdmin: https://ssd-disclosure.com/ssd-advisory-mylittleadmin-preauth-rce/
If myLittleAdmin is installed, an unauthenticated remote attacker can run arbitrary code on behalf of IUSRPLESK_sqladmin.
Call to Action
If you'd like to continue using myLittleAdmin without removing it:
Connect to the server via RDP
Delete the following lines from
Note: Consider updating Plesk to the latest version as since 18.0.28 version this workaround applied automatically.
For Plesk Onyx 17.5 and 17.8, the workaround is applied automatically for micro-updates #95 and #89, respectively.
If you are not using myLittleAdmin:
Remove myLittleAdmin from Plesk:
- Log in to Plesk
- Go to Tools & Settings > Updates > Add/Remove components and uncheck myLittleAdmin:
- Click Continue
As an alternative, to manage MS SQL databases it is recommended to use Microsoft SQL Management studio.