FreeBSD : phpMyAdmin -- Global variable scope injection (1b93f6fe-e1c1-11e2-948d-6805ca0b3d42)
Medium Nessus Plugin ID 67117
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionThe phpMyAdmin development team reports :
The import.php script was vulnerable to GLOBALS variable injection.
Therefore, an attacker could manipulate any configuration parameter.
This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required form.
SolutionUpdate the affected package.