FreeBSD phpmyadmin — Cross Site Scripting Vulnerabilities Fix

by on June 3, 2008 · 0 comments· LAST UPDATED July 3, 2008

in , ,

An unpatched security hole in phpMyAdmin can be exploited by malicious people to conduct cross-site scripting attacks under FreeBSD. This also applies to phpmyadmin version under other UNIX like oses.

Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that "register_globals" is enabled and support for ".htaccess" files is disabled.

How do I fix this issue under FreeBSD?

Login as root user and type the following two commands:
# portsnap fetch extract
# portuprade -a

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 0 comments… add one now }

Leave a Comment

Tagged as: , , , , , , , , , ,

Previous post:

Next post: