CERT-In Vulnerability Note
phpMyAdmin "import_blacklist" Remote Variables Overwrite Vulnerability
Original Issue Date: December 08, 2005
Severity Rating: HIGH
phpMyAdmin is a powerful open source web-based tool written in PHP for administering MySQL databases. A cross-site scripting vulnerability has been reported in phpMyAdmin which can be exploited by an attacker to gain sensitive system information.
A vulnerability has been reported in the "grab_globals.php" file of phpMyAdmin. A variable named "import_blacklist" is not properly protected from being overwritten.
It can be exploited by an attacker to execute arbitrary commands/scripts in the user's browser.
Update to version 2.7.0-pl1.
The information provided herein is on an "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-2436857
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003