The phpMyAdmin team has announced the release of versions 4.9.4 and 5.0.1, which are now available.
The phpMyAdmin 4.9.4 and 5.0.1 releases address two issues: a problem with two-factor authentication that was introduced with the last releases, and an SQL injection vulnerability. This vulnerability is assigned PMASA-2020-1 and requires that the attacker has logged in through a valid MySQL account.
What is an SQL injection vulnerability?
An SQL injection flaw has been discovered in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
To fix the SQL injection vulnerability
Version 4.x is in the LTS phase, where only security fixes and critical bug fixes are made. Users are advised to migrate to version 5. phpMyAdmin version 5.0.0 was released at the end of 2019. It came with many new features and improvements over the 4.9 series.
The phpMyAdmin project is a member of the Software Freedom Conservancy. SFC is a not-for-profit organization that helps promote, improve, develop, and defend Free, Libre, and Open Source Software (FLOSS) projects.