Webuzo System Application: phpMyAdmin 4.8.2 Launched

Hi,

The Webuzo Team has launched phpMyAdmin 4.8.2 the latest version in the release branch.

Please check the change log below:

The urgent vulnerability allows an authenticated attacker to exploit a phpMyAdmin feature to show and potentially execute files on the server. PHP open_basedir restrictions mitigate the effect of this flaw. For further details, see the PMASA announcement.

A second flaw was also fixed allowing an attacker to use a specially crafted database name to trick a user in to executing a cross-site scripting (XSS) attack in the Designer feature.

In addition to the security fixes, this release also includes these bug fixes as part of our regular release cycle:

  • WHERE 0 clause causes a fatal error
  • Fix missing “INDEX” icon

Known issues:

  • Unable to log in with MySQL 8.0.11 (bug #14220, see also https://bugs.php.net/bug.php?id=76243)
  • A few users have reported being unable to log in with a persistent error message “Failed to set session cookie. Maybe you are using HTTP instead of HTTPS”. In some cases, clearing the phpMyAdmin cookies (‘pma*’) resolves the issue.

If you have any questions regarding the upgrade or any issues after upgrade let me know in the comments.

Regards,
The Webuzo Team