phpMyAdmin 4.9.5 and 5.0.2 released: fixes for SQL injection and XSS vulnerabilities

phpMyAdmin is a free software tool written in PHP that is intended to handle the administration of a MySQL or MariaDB database server. You can use phpMyAdmin to perform most administration tasks, including creating a database, running queries, and adding user accounts.


phpMyAdmin 4.9.5 and 5.0.2 were released.

Both versions contain several security fixes:

  • PMASA-2020-2 SQL injection vulnerability in the user accounts page, particularly when changing a password
  • PMASA-2020-3 SQL injection vulnerability relating to the search feature
  • PMASA-2020-4 SQL injection and XSS having to do with displaying results
  • Removal of the “options” field for the external transformation

Version 5.0.2 also contains many bug fixes:

  • Fix for copying a user account
  • Removed SET AUTOCOMMIT=0 from SQL export
  • Fix for the display of table borders
  • Fix for ENUM radio button user interface problems
  • Improved the prompt for abandoning changes when no changes were made in the SQL window
  • Fix for inserting a primary key with “insert as new row”
  • Fix incorrect suggested latest available version to version 5