PT-2020-13367 · Mylittleadmin · Mylittleadmin

Published: 2020-05-15 · Updated: 2022-04-26 · CVE-2020-13166

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: MyLittleAdmin version 3.8
Description: The management tool in the affected software allows remote attackers to execute arbitrary code because the machineKey is hardcoded in the web.config file and is the same for all customers' installations. This hardcoded machineKey can be used to send serialized ASP code.
Recommendations: For MyLittleAdmin version 3.8, consider changing the hardcoded machineKey in the web.config file to a unique value for each installation as a temporary workaround. Restrict access to the management tool to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
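As an added example that is not part of this advisory or of the product's code, the Python below audits an ASP.NET web.config for a literal machineKey, compares it against a set of values known to be shipped to every customer, and generates an installation-unique replacement as the workaround describes. The sample web.config, its hex keys and the "known shared" set are constructed placeholders, and the key sizes are common ASP.NET choices rather than anything the advisory states.

```python
import secrets
import xml.etree.ElementTree as ET

# Constructed sample: a web.config whose machineKey carries literal key material.
# The hex values are placeholders, not the product's real shipped key.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="0123456789ABCDEF0123456789ABCDEF"
                validation="SHA1" decryption="AES" />
  </system.web>
</configuration>
"""
KEY_ATTRS = ("validationKey", "decryptionKey")

def find_literal_machine_key(config_xml):
    """Return the <machineKey> attributes when validationKey or decryptionKey is a
    literal value instead of AutoGenerate; None otherwise.  A literal key is only
    acceptable if it is unique to this installation: one shipped identically to
    every customer lets anyone holding the package forge signed ASP.NET state."""
    for mk in ET.fromstring(config_xml).iter("machineKey"):
        if any(not mk.get(a, "AutoGenerate").startswith("AutoGenerate") for a in KEY_ATTRS):
            return dict(mk.attrib)
    return None

def is_known_shared_key(attrs, known_shared):
    """True if either key equals a value known to be shipped to all customers
    (e.g. the vendor default recorded from a clean install; constructed here)."""
    return any(attrs.get(a, "").upper() in known_shared for a in KEY_ATTRS)

def generate_machine_key_element():
    """Fresh, installation-unique keys: 64-byte HMACSHA256 validationKey and
    32-byte AES decryptionKey (common ASP.NET sizes; an assumption, not from the advisory)."""
    return (f'<machineKey validationKey="{secrets.token_hex(64).upper()}" '
            f'decryptionKey="{secrets.token_hex(32).upper()}" '
            f'validation="HMACSHA256" decryption="AES" />')

def rewrite_machine_key(config_xml):
    """Return config_xml with every <machineKey> replaced by a freshly generated one."""
    root = ET.fromstring(config_xml)
    for parent in list(root.iter()):          # snapshot: we mutate children below
        for child in list(parent):
            if child.tag == "machineKey":
                parent.remove(child)
                parent.append(ET.fromstring(generate_machine_key_element()))
    return ET.tostring(root, encoding="unicode")
```

Run the audit against each deployed web.config; a literal key that also matches the known-shared set is the condition the advisory describes, and the rewritten file must then be deployed per installation, never copied between them.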

Exploit

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2020-13166

Affected Products

Mylittleadmin