phpMyAdmin 4.9.1 releases: fix zero-day CSRF vulnerability
phpMyAdmin is a free software tool written in PHP that is intended to handle the administration of a MySQL or MariaDB database server. You can use phpMyAdmin to perform most administration tasks, including creating a database, running queries, and adding user accounts.
fix for an issue that has been reported as CVE-2019-12922. The fix for this has been in our release queue to be part of this release, however, it is the opinion of the team that the reported attack vector did not justify a separate release.
This release includes fixes for many bugs, including:
- Editing columns with CURRENT_TIMESTAMP for MySQL versions 8.0.13 and newer
- Compatibility issues with PHP 8
- Export of GIS visualization
- Enhanced descriptions for several collation types
- Creating a user with a single quote in the password string
- Unexpected quotes during import and export on text fields
- Improvements to adding new tables to Designer
- Fix an issue where an authenticated user could trigger heavy traffic between the database server and web server
- Fix a weakness where an attacker, under certain conditions, working at the same time as an administrator is using the setup script, could delete a server from the setup script