Stefan Esser has reported a vulnerability in phpMyAdmin,
which can be exploited by malicious people to conduct
cross-site scripting attacks, disclose sensitive
information, and compromise a vulnerable system.
The vulnerability is caused by an error in the
register_globals emulation layer in "grab_globals.php"
where the "import_blacklist" variable is not properly
protected from being overwritten. This can be exploited
to execute arbitrary HTML and script code in a user's
browser session in the context of an affected site, and
include arbitrary files from external and local resources.
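
The flaw class described above, shown as an added example that is not phpMyAdmin's code: a simplified model of a register_globals emulation loop whose blacklist lives in the scope it writes to, next to a hardened form. All function names, the constant, the blacklist entries and the sample request are assumptions constructed for illustration.

```php
<?php
// Simplified model of a register_globals emulation layer.
// Constructed for illustration; not taken from grab_globals.php.

// Weak form: the blacklist is read from the same scope the loop writes to,
// and the blacklist does not list its own name.
function import_vars_vulnerable(array $request, array &$scope): void
{
    foreach ($request as $name => $value) {
        if (!in_array((string) $name, $scope['import_blacklist'], true)) {
            $scope[$name] = $value; // may replace the blacklist itself
        }
    }
}

// Hardened form: the blacklist is a constant outside the writable scope,
// names itself, and the loop never replaces a value that already exists.
const IMPORT_BLACKLIST = ['import_blacklist', 'cfg', 'GLOBALS', '_SERVER', '_SESSION'];

function import_vars_hardened(array $request, array &$scope): void
{
    foreach ($request as $name => $value) {
        $name = (string) $name;
        if (in_array($name, IMPORT_BLACKLIST, true)) {
            continue; // protected name
        }
        if (array_key_exists($name, $scope)) {
            continue; // never overwrite existing application state
        }
        if (!preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', $name)) {
            continue; // rejects superglobal-style and malformed names
        }
        $scope[$name] = $value;
    }
}

// Constructed request parameters used to compare the two loops.
$request = ['import_blacklist' => [], 'cfg' => 'from-request', 'db' => 'test'];

$weak = ['import_blacklist' => ['cfg'], 'cfg' => 'trusted'];
import_vars_vulnerable($request, $weak);

$safe = ['cfg' => 'trusted'];
import_vars_hardened($request, $safe);

echo "weak cfg: {$weak['cfg']}\n";
echo "safe cfg: {$safe['cfg']}, db: {$safe['db']}\n";
```

Once the weak loop lets the request replace the blacklist, every name it was meant to protect becomes writable in the same pass, which is why the protected list must sit outside anything request data can reach.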