The phpMyAdmin team announces the release of versions 4.9.4 and 5.0.1.
As a reminder, version 4.x is in the LTS phase, where only security fixes and critical bug fixes are made. Users are suggested to migrate to version 5.
These releases address two issues, a problem with two-factor authentication that was introduced with the last releases, and a fix for an SQL injection vulnerability that was reported by CSW Research Labs https://twitter.com/cswcyberworks. This vulnerability is assigned PMASA-2020-1 and requires that the attacker have logged in through a valid MySQL account.
Known issue: the reported current release version may display incorrectly on the main page (for instance, "Version information: 5.0.1, latest stable version: 4.9.4"). This is expected to be fixed in the next routine bug fix release.
Downloads are available at phpmyadmin.net.
Happy new year, the phpMyAdmin team