[Original text] The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables.
phpMyAdmin contains a flaw that may allow a variety of attacks, including cross-site scripting, as well as local and remote file inclusion. This flaw exists because the application does not validate the $import_blacklist variable upon submission to numerous scripts. This may allow an attacker to overwrite the variable, thus bypassing the security restrictions in place to maintain register_globals emulation. Once this variable has been manipulated, several scripts could then be used to conduct further attacks.
Upgrade to version 2.7.0-p1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
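The class of flaw described above, shown as an added example that is a simplified model and not phpMyAdmin's code or its 2.7.0-p1 fix. It assumes the emulation copies request arrays into a shared scope one after another and consults a blacklist stored in that same scope; all function names, patterns and sample values are hypothetical.

```php
<?php
// Constructed stand-ins for $_GET and $_POST; all names and values are hypothetical.
$sampleGet  = ['import_blacklist' => [], 'db' => 'shop'];
$samplePost = ['cfg' => ['ThemePath' => 'constructed-value'], 'table' => 'orders'];

function is_blocked(string $name, array $patterns): bool {
    foreach ($patterns as $pattern) {
        if (is_string($pattern) && preg_match($pattern, $name) === 1) {
            return true;
        }
    }
    return false;
}

// Weak pattern: the blacklist lives in the same scope the import writes to.
function import_weak(array $sources): array {
    $scope = [
        'import_blacklist' => ['/^cfg$/i', '/^_[A-Z]+$/'],
        'cfg' => ['ThemePath' => './themes'],
    ];
    foreach ($sources as $request) {
        foreach ($request as $name => $value) {
            // The list is re-read from the writable scope on every lookup.
            if (!is_blocked((string) $name, (array) $scope['import_blacklist'])) {
                $scope[$name] = $value;
            }
        }
    }
    return $scope;
}

// Hardened pattern: fixed denylist that covers itself, and set values are never replaced.
function import_hardened(array $sources): array {
    $denylist = ['/^cfg$/i', '/^_[A-Z]+$/', '/^import_blacklist$/i', '/^GLOBALS$/'];
    $scope = ['cfg' => ['ThemePath' => './themes']];
    foreach ($sources as $request) {
        foreach ($request as $name => $value) {
            $name = (string) $name;
            if (is_blocked($name, $denylist) || array_key_exists($name, $scope)) {
                continue;
            }
            $scope[$name] = $value;
        }
    }
    return $scope;
}

$weak = import_weak([$sampleGet, $samplePost]);
$hard = import_hardened([$sampleGet, $samplePost]);
echo 'weak cfg:     ', $weak['cfg']['ThemePath'], PHP_EOL;
echo 'hardened cfg: ', $hard['cfg']['ThemePath'], PHP_EOL;
```

When reviewing similar emulation code, check that the filter list is not reachable through the same import path it is meant to guard.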