phpMyAdmin 4.9.7 and 5.0.4 release: bugfix
phpMyAdmin is a free software tool written in PHP that is intended to handle the administration of a MySQL or MariaDB database server. You can use phpMyAdmin to perform most administration tasks, including creating a database, running queries, and adding user accounts.
Both versions contain several security fixes:
- PMASA-2020-2 SQL injection vulnerability in the user accounts page, particularly when changing a password
- PMASA-2020-3 SQL injection vulnerability relating to the search feature
- PMASA-2020-4 SQL injection and XSS having to do with displaying results
- Removing of the “options” field for the external transformation.
Version 5.0.2 also contains many bug fixes:
- Fix for copying a user account
- Removed SET AUTOCOMMIT=0 from SQL export
- Fix for the display of table borders
- Fix for ENUM radio button user interface problems
- Improved the prompt for abandoning changes when no changes were made in the SQL window
- Fix for inserting a primary key with “insert as new row”
- Fix incorrect suggested latest available version to version 5