1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Plesk Control Panel, has identified a SQL injection security.

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by dm.cummings, Mar 6, 2012.

  1. dm.cummings

    dm.cummings Guest

    0
     
    I received an email about Plesk Control Panel, has identified a SQL injection security. Since I am using Plesk 9.3 I reviewed this link : http://kb.parallels.com/en/113424

    I installed this file to check to see if my server was safe : plesk_remote_vulnerability_checker.php

    After running the script I got this error message : The file "/usr/local/psa/version" has not been found.

    Can anyone help with this?
     
  2. AlexanderVL

    AlexanderVL New Pleskian Plesk Team

    12
    80%
    Joined:
    Mar 6, 2012
    Messages:
    6
    Likes Received:
    0
    Please, specify your OS and provide output of 'stat /usr/local/psa/version'.
     
  3. tomh93

    tomh93 Guest

    0
     
    I'm also seeing this issue with "CentOS release 5.2 "
    Some anonymous non-communicative individual installed it on my system, apparently in some non-standard way.
    There is no /usr/local/psa directory.
    I did find a /parallels/PSA_8.6.0 directory, but there's no "version" file in it either.
     
    Last edited by a moderator: Mar 24, 2012
  4. AlexanderVL

    AlexanderVL New Pleskian Plesk Team

    12
    80%
    Joined:
    Mar 6, 2012
    Messages:
    6
    Likes Received:
    0
    To locate version file run:

    rpm -ql psa | grep version
     
  5. tomh93

    tomh93 Guest

    0
     
    Thanks - I was confused. The file is there.
    My issue was that /etc/php.ini had "safe_mode = On" so PHP said it wasn't there.
    When I changed it to "safe_mode = Off" everything worked OK.
     
  6. AlexanderVL

    AlexanderVL New Pleskian Plesk Team

    12
    80%
    Joined:
    Mar 6, 2012
    Messages:
    6
    Likes Received:
    0
  7. PMassi

    PMassi Guest

    0
     
    Hi, applying this fix, I have this error a lot of times:
    PHP Warning: Unexpected character in input: ' in /var/www/vhosts/domain.xx/plesk_remote_vulnerability_fix_deployer/plesk_remote_vulnerability_fix_deployer.php on line 57
    and then:
    PHP Parse error: syntax error, unexpected T_DNUMBER in /var/www/vhosts/domain.xx/plesk_remote_vulnerability_fix_deployer/plesk_remote_vulnerability_fix_deployer.php on line 57

    Someone can help me?
    Many thanks
     
Loading...