phpMyAdmin 4.9.0.1 releases: fix CSRF & SQLi vulnerability

phpMyAdmin is a free software tool written in PHP that is intended to handle the administration of a MySQL or MariaDB database server. You can use phpMyAdmin to perform most administration tasks, including creating a database, running queries, and adding user accounts.

phpmyadmin

phpMyAdmin 4.9.0.1 was released to fix two security flaws. The security vulnerabilities are below:
  • PMASA-2019-3 is an SQL injection flaw in the Designer feature
  • PMASA-2019-4 is a CSRF attack that’s possible through the ‘cookie’ login form

This release also includes fixes for many bugs, including:

  • Several issues with SYSTEM VERSIONING tables
  • Fixed json encode error in export
  • Fixed JavaScript events not activating on input (sql bookmark issue)
  • Show Designer combo boxes when adding a constraint
  • Fix edit view
  • Fixed invalid default value for bit field
  • Fix several errors relating to GIS data types
  • Fixed javascript error PMA_messages is not defined
  • Fixed import XML data with leading zeros
  • Fixed php notice, added support for ‘DELETE HISTORY’ table privilege (MariaDB >= 10.3.4)
  • Fixed MySQL 8.0.0 issues with GIS display
  • Fixed “Server charset” in “Database server” tab showing wrong information
  • Fixed can not copy user on Percona Server 5.7
  • Updated sql-parser to version 4.3.2, which fixes several parsing and linting problems

Download