You would think swsoft would have posted this in here - so I did!
[FIX] SQL Injection vulnerability
Article ID: 2169
Last Review: Sep,13 2007
APPLIES TO:
* Plesk 8.0.x
* Plesk 8.1.x
* Plesk 8.2
SYMPTOMS
SQL injection vulnerability within Plesk for Linux/Unix.
RESOLUTION
Please download the following file:
For Plesk v8.0.0 and v8.0.1 :
http://download1.swsoft.com/Plesk/Hotfix/PleskUnix/8.0.1/114298/class.Session.php
For Plesk v8.1.0 :
http://download1.swsoft.com/Plesk/Hotfix/PleskUnix/8.1.0/114298/class.Session.php
For Plesk 8.2.0 :
http://download1.swsoft.com/Plesk/Hotfix/PleskUnix/8.2.0/114298/class.Session.php
and replace /usr/local/psa/admin/plib/class.Session.php file on Plesk server with the downloaded new one.
Plesk versions 7.5.4 and 8.1.1 are not affected by this vulnerability.
[FIX] SQL Injection vulnerability
Article ID: 2169
Last Review: Sep,13 2007
APPLIES TO:
* Plesk 8.0.x
* Plesk 8.1.x
* Plesk 8.2
SYMPTOMS
SQL injection vulnerability within Plesk for Linux/Unix.
RESOLUTION
Please download the following file:
For Plesk v8.0.0 and v8.0.1 :
http://download1.swsoft.com/Plesk/Hotfix/PleskUnix/8.0.1/114298/class.Session.php
For Plesk v8.1.0 :
http://download1.swsoft.com/Plesk/Hotfix/PleskUnix/8.1.0/114298/class.Session.php
For Plesk 8.2.0 :
http://download1.swsoft.com/Plesk/Hotfix/PleskUnix/8.2.0/114298/class.Session.php
and replace /usr/local/psa/admin/plib/class.Session.php file on Plesk server with the downloaded new one.
Plesk versions 7.5.4 and 8.1.1 are not affected by this vulnerability.