FreeBSD phpmyadmin — Cross Site Scripting Vulnerabilities Fix

last updated in Categories FreeBSD, Howto, package management, Security Alert

An unpatched security hole in phpMyAdmin can be exploited by malicious people to conduct cross-site scripting attacks under FreeBSD. This also applies to phpmyadmin version under other UNIX like oses.

Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

Successful exploitation requires that “register_globals” is enabled and support for “.htaccess” files is disabled.

How do I fix this issue under FreeBSD?

Login as root user and type the following two commands:
# portsnap fetch extract
# portuprade -a

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.