FreeBSD phpmyadmin — Cross Site Scripting Vulnerabilities Fix

Categories: FreeBSD, Howto, package management, Security Alert. Last updated July 3, 2008

An unpatched security hole in phpMyAdmin can be exploited by malicious people to conduct cross-site scripting attacks under FreeBSD. This also applies to phpMyAdmin versions running under other UNIX-like operating systems.

Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Successful exploitation requires that “register_globals” is enabled and support for “.htaccess” files is disabled.
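
Both preconditions can be read from configuration files. The script below is an added example, not part of the original post: it reports whether both preconditions hold for a given phpMyAdmin directory. It assumes the web server is Apache, where disabled ".htaccess" support corresponds to "AllowOverride None". The function names are hypothetical, and the Apache parsing is simplified to plain <Directory> sections.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Effective register_globals value in the php.ini given as $1: the last
# uncommented setting wins, and PHP's built-in default is off.
register_globals_state() {
    val=$(sed -n 's/^[[:space:]]*register_globals[[:space:]]*=[[:space:]]*"\{0,1\}\([A-Za-z0-9]*\).*/\1/p' "$1" |
        tail -n 1 | tr 'A-Z' 'a-z')
    case "$val" in
        on|1|true|yes) echo on ;;
        *) echo off ;;
    esac
}

# AllowOverride value governing directory $2 in Apache config $1.
# Assumption/simplification: only plain <Directory "/path"> sections are read
# (no wildcards, regexes or Include files); the longest matching path wins.
# "none" means .htaccess files are ignored; "unset" means no directive matched.
allowoverride_for() {
    awk -v target="$2" '
        BEGIN { best = -1; value = "unset" }
        /^[ \t]*#/ { next }
        tolower($1) == "<directory" {
            dir = $2; gsub(/[">]/, "", dir); sub(/\/$/, "", dir); in_dir = 1; next
        }
        tolower($1) == "</directory>" { in_dir = 0; next }
        in_dir && tolower($1) == "allowoverride" {
            inside = (target == dir || index(target, dir "/") == 1)
            if (inside && length(dir) >= best) { best = length(dir); value = tolower($2) }
        }
        END { print value }
    ' "$1"
}

# Usage: xss_preconditions PHP_INI HTTPD_CONF PHPMYADMIN_DIR
# Prints both settings; returns 0 only when both preconditions hold.
xss_preconditions() {
    rg=$(register_globals_state "$1")
    ao=$(allowoverride_for "$2" "$3")
    echo "register_globals=$rg AllowOverride=$ao"
    [ "$rg" = on ] && [ "$ao" = none ]
}

if [ $# -eq 3 ]; then xss_preconditions "$@"; fi
```

On a FreeBSD ports install the arguments are typically /usr/local/etc/php.ini, the Apache httpd.conf under /usr/local/etc, and /usr/local/www/phpMyAdmin; these paths are assumptions, so confirm them on your system.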

How do I fix this issue under FreeBSD?

Log in as the root user and type the following two commands:
# portsnap fetch extract
# portupgrade -a
