
BIG security flaw in php under plesk7.5.4

larsm

Guest
We have been testing Plesk for a while now.
We have bought Plesk 7.5.4, installed all the patches, and are running it with
MailEnable Enterprise
on Win 2003 Std.

We then had a user to whom we gave an account (domain user):
www.Somedomain.xx

He then installed a CMS system (PHP)
called pMachinePro2.4 on his webhotel/webspace.

After installation he went into his website (CMS backend) as a CMS admin and clicked on the file manager button and got instant access to the whole drive, incl. all other domains, DBs and the psa DB with all Plesk passes and so forth. THIS, MY FRIENDS, IS A serious security breach. How do I solve this !!!! ???

I am quite shocked !! :confused: :confused:
 
temporary solution

It seems that a temp solution is to enable the ISAPI for PHP files for that site, but there is still a problem: ISAPI just closes the gap a little bit.

What is needed here is a solution that will work server-side, not only for the one, and I'm sure that when we get further down in this there are more nasty things in the bag that should be corrected.

This one is a serious one,
but besides that, all in all I like the panel; it just needs a big makeover, it seems!
 