An unpatched security hole in phpMyAdmin can be exploited by malicious people to conduct cross-site scripting attacks under FreeBSD. This also applies to phpMyAdmin versions under other UNIX-like operating systems.
Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.
Successful exploitation requires that “register_globals” is enabled and support for “.htaccess” files is disabled.
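To see whether a given host meets both preconditions, the following sh script reads a php.ini and an Apache configuration file and reports the effective settings. It is an added example, not part of the original advisory; the function names, the /usr/local/www/phpMyAdmin install path and the sample configs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: checks the two preconditions named in the advisory.
# Config paths and the phpMyAdmin directory are assumptions passed as arguments.

# Print "on"/"off" for register_globals (last uncommented assignment wins).
php_register_globals() {
    awk -F= '
        /^[ \t]*;/ { next }
        tolower($1) ~ /^[ \t]*register_globals[ \t]*$/ {
            v = tolower($2); sub(/;.*/, "", v); gsub(/[ \t"\r]/, "", v)
        }
        END { print ((v == "on" || v == "1" || v == "true" || v == "yes") ? "on" : "off") }
    ' "$1"
}

# Print the AllowOverride value of the <Directory> block whose path is the
# longest prefix of DIR ($2), or "unset". Paths containing spaces are not handled.
apache_allowoverride() {
    awk -v dir="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "<directory" {
            cur = $2; gsub(/[">]/, "", cur); sub(/\/$/, "", cur); inb = 1; next
        }
        tolower($1) == "</directory>" { inb = 0; next }
        inb && tolower($1) == "allowoverride" &&
        (dir == cur || index(dir, cur "/") == 1) && length(cur) >= best {
            best = length(cur); val = tolower($2)
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Return 0 only when both preconditions hold. "unset" falls back to the Apache
# default, which differs between versions, so it is not counted as disabled here.
pma_preconditions_met() {   # args: php.ini httpd.conf phpmyadmin_libraries_dir
    [ "$(php_register_globals "$1")" = "on" ] &&
    [ "$(apache_allowoverride "$2" "$3")" = "none" ]
}

# Constructed sample configs (not from a real host); the install path is assumed.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '; constructed php.ini' 'register_globals = On' > "$tmp/php.ini"
printf '%s\n' '<Directory />' '  AllowOverride All' '</Directory>' \
    '<Directory "/usr/local/www/phpMyAdmin">' '  AllowOverride None' '</Directory>' \
    > "$tmp/httpd.conf"
if pma_preconditions_met "$tmp/php.ini" "$tmp/httpd.conf" /usr/local/www/phpMyAdmin/libraries
then echo "both preconditions hold: upgrade phpMyAdmin and disable register_globals"
else echo "preconditions not both met"
fi
```

On a real host, pass the actual php.ini, the Apache configuration file and the phpMyAdmin libraries directory to `pma_preconditions_met`; an "unset" result from `apache_allowoverride` needs a manual check against the server's default.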
How do I fix this issue under FreeBSD?
Log in as the root user and type the following two commands:
# portsnap fetch extract
# portupgrade -a