The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables.
Software | From | Fixed in |
---|---|---|
phpmyadmin / phpmyadmin | 2.7.0_rc1 | 2.7.0_rc1.x |