<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">It “seems" it would be an easy fix.  According to the original poster it says he alerted the development team.</div><div class=""><br class=""></div><div class="">I searched the archive and maybe he private messaged a couple developers?</div><div class=""><br class=""></div><div class=""><a href="https://www.cvedetails.com/cve/CVE-2019-12922/" class="">https://www.cvedetails.com/cve/CVE-2019-12922/</a></div><div class=""><br class=""></div><a href="https://seclists.org/fulldisclosure/2019/Sep/23" class="">https://seclists.org/fulldisclosure/2019/Sep/23</a><div class=""><br class=""></div><div class="">The bug would have very low probability of exploit. You would have to be logged into an existing phpmyadmin session and simultaneously trick the user to click on a link while in the setup stage.</div><div class=""><br class=""></div><div class="">Thought I would post here that the bug is publicly posted.</div><div class=""><br class=""></div><div class="">Thanks,</div><div class="">Todd</div><div class=""><br class=""></div><div class="">P.S.  Enjoy phpmyadmin.  Been using it off and on over a decade.</div><div class=""><br class=""></div></body></html>