FreeBSD : phpmyadmin -- register_globals emulation 'import_blacklist' manipulation (23afd91f-676b-11da-99f6-00123ffe8333)
Severity: High
Nessus Plugin ID: 21399

Synopsis
The remote FreeBSD host is missing a security-related update.

Description
Secunia reports:
Stefan Esser has reported a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and compromise a vulnerable system.
The vulnerability is caused due to an error in the register_globals emulation layer in 'grab_globals.php' where the 'import_blacklist' variable is not properly protected from being overwritten. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site, and include arbitrary files from external and local resources.

Solution
Update the affected package.
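
A simplified PHP model of the flaw class named in the description, added here as an illustration; it is not phpMyAdmin's code and does not come from the advisory. The function names, the exact-match blacklist and the sample request are assumptions constructed for the example.

```php
<?php
// Simplified model of a register_globals emulation layer.
// Added example: NOT phpMyAdmin's grab_globals.php. Function names, the
// exact-match blacklist and the sample request are constructed.

// Weak: the blacklist lives in the same namespace that request data is
// copied into, and it is re-read on every iteration of the import loop.
function import_weak(array $request, array &$globals): void
{
    foreach ($request as $name => $value) {
        if (!in_array($name, $globals['import_blacklist'], true)) {
            $globals[$name] = $value;   // can replace 'import_blacklist' itself
        }
    }
}

// Hardened: the blacklist is a constant that request data cannot reach,
// and a name that is already defined is never overwritten.
const IMPORT_BLACKLIST = ['cfg', 'GLOBALS', 'import_blacklist'];

function import_hardened(array $request, array &$globals): array
{
    $rejected = [];
    foreach ($request as $name => $value) {
        if (in_array($name, IMPORT_BLACKLIST, true)
            || array_key_exists($name, $globals)) {
            $rejected[] = $name;        // keep for logging and alerting
            continue;
        }
        $globals[$name] = $value;
    }
    return $rejected;
}

// Constructed request: one parameter targets the blacklist, one a protected name.
$request = ['import_blacklist' => [], 'cfg' => ['theme' => 'from-request'], 'db' => 'test'];

$weak = ['cfg' => ['theme' => 'original'], 'import_blacklist' => ['cfg', 'GLOBALS']];
import_weak($request, $weak);
echo 'weak:     cfg theme = ', $weak['cfg']['theme'], PHP_EOL;

$safe = ['cfg' => ['theme' => 'original']];
$rejected = import_hardened($request, $safe);
echo 'hardened: cfg theme = ', $safe['cfg']['theme'], PHP_EOL;
echo 'rejected: ', implode(', ', $rejected), PHP_EOL;
```

The rejected-name list returned by the hardened variant is a useful detection signal: a request that names the blacklist variable itself has no legitimate purpose.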