
cross-site scripting

An unpatched security hole in phpMyAdmin can be exploited by malicious people to conduct cross-site scripting attacks under FreeBSD. This also applies to phpMyAdmin versions running under other UNIX-like operating systems.

Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Successful exploitation requires that "register_globals" is enabled and support for ".htaccess" files is disabled.
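
To check whether a host meets both preconditions, the following added example (not part of the original advisory or of phpMyAdmin) reads a php.ini and an Apache configuration file and reports the result. It assumes Apache is the web server; the /usr/local/www/phpMyAdmin directory and the sample files are constructed for illustration, so pass your own paths.

```shell
#!/bin/sh
# Added example: report whether the advisory's two preconditions hold.
# Assumes Apache and a single php.ini; file paths are passed in by the caller.

# Print "on" or "off" for register_globals (PHP treats it as off when unset).
register_globals_state() {   # $1 = php.ini
    awk -F= '
        /^[ \t]*;/ { next }                      # skip comment lines
        tolower($1) ~ /^[ \t]*register_globals[ \t]*$/ {
            v = tolower($2); sub(/;.*/, "", v); gsub(/[ \t"]/, "", v)
            state = (v == "on" || v == "1" || v == "true" || v == "yes") ? "on" : "off"
        }
        END { print (state == "" ? "off" : state) }' "$1"
}

# Print the AllowOverride value set inside <Directory dir>, or "unset".
allowoverride_for() {   # $1 = httpd.conf, $2 = directory
    awk -v dir="$2" '
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($1) == "<directory" { p = $2; gsub(/[">]/, "", p); inblk = (p == dir) }
        tolower($1) == "</directory>" { inblk = 0 }
        inblk && tolower($1) == "allowoverride" { val = tolower($2) }
        END { print (val == "" ? "unset" : val) }' "$1"
}

# EXPOSED: both preconditions met. REVIEW: the server default decides.
assess() {   # $1 = php.ini, $2 = httpd.conf, $3 = phpMyAdmin directory
    rg=$(register_globals_state "$1"); ao=$(allowoverride_for "$2" "$3")
    case "$rg/$ao" in
        on/none)  echo "EXPOSED register_globals=$rg AllowOverride=$ao" ;;
        on/unset) echo "REVIEW register_globals=$rg AllowOverride=$ao" ;;
        *)        echo "NOT-MET register_globals=$rg AllowOverride=$ao" ;;
    esac
}

# Constructed sample configuration, written to a temp dir so this runs offline.
tmp=$(mktemp -d)
printf '; sample\nregister_globals = On\n' > "$tmp/php.ini"
printf 'register_globals = Off\n' > "$tmp/php-off.ini"
cat > "$tmp/httpd.conf" <<'EOF'
<Directory "/usr/local/www/phpMyAdmin">
    AllowOverride None
</Directory>
EOF
assess "$tmp/php.ini" "$tmp/httpd.conf" /usr/local/www/phpMyAdmin
assess "$tmp/php-off.ini" "$tmp/httpd.conf" /usr/local/www/phpMyAdmin
```

A REVIEW result means no AllowOverride directive was found for that directory, so the server's default setting applies and has to be checked by hand.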

How do I fix this issue under FreeBSD?

Log in as the root user and type the following two commands:
# portsnap fetch extract
# portupgrade -a