Plesk Control Panel, has identified a SQL injection security.

[dm.cummings]

I received an email about Plesk Control Panel, has identified a SQL injection security. Since I am using Plesk 9.3 I reviewed this link : http://kb.parallels.com/en/113424

I installed this file to check to see if my server was safe : plesk_remote_vulnerability_checker.php

After running the script I got this error message : The file "/usr/local/psa/version" has not been found.

Can anyone help with this?

 

[AlexanderVL]

Please, specify your OS and provide output of 'stat /usr/local/psa/version'.

 

[tomh93]

I'm also seeing this issue with "CentOS release 5.2 "
Some anonymous non-communicative individual installed it on my system, apparently in some non-standard way.
There is no /usr/local/psa directory.
I did find a /parallels/PSA_8.6.0 directory, but there's no "version" file in it either.

 

[AlexanderVL]

To locate version file run:

rpm -ql psa | grep version

 

[tomh93]

Thanks - I was confused. The file is there.
My issue was that /etc/php.ini had "safe_mode = On" so PHP said it wasn't there.
When I changed it to "safe_mode = Off" everything worked OK.

 

[AlexanderVL]

Yes - it's mentioned in http://kb.parallels.com/en/113424:

# php -d safe_mode=0 plesk_remote_vulnerability_checker.php

 

[PMassi]

Hi, applying this fix, I have this error a lot of times:
PHP Warning: Unexpected character in input: ' in /var/www/vhosts/domain.xx/plesk_remote_vulnerability_fix_deployer/plesk_remote_vulnerability_fix_deployer.php on line 57
and then:
PHP Parse error: syntax error, unexpected T_DNUMBER in /var/www/vhosts/domain.xx/plesk_remote_vulnerability_fix_deployer/plesk_remote_vulnerability_fix_deployer.php on line 57

Someone can help me?
Many thanks