The Webuzo Team has launched phpMyAdmin 4.8.2 the latest version in the release branch.
Please check the change log below:
The urgent vulnerability allows an authenticated attacker to exploit a phpMyAdmin feature to show and potentially execute files on the server. PHP open_basedir restrictions mitigate the effect of this flaw. For further details, see the PMASA announcement.
A second flaw was also fixed allowing an attacker to use a specially crafted database name to trick a user in to executing a cross-site scripting (XSS) attack in the Designer feature.
In addition to the security fixes, this release also includes these bug fixes as part of our regular release cycle:
- WHERE 0 clause causes a fatal error
- Fix missing “INDEX” icon
- Unable to log in with MySQL 8.0.11 (bug #14220, see also https://bugs.php.net/bug.php?id=76243)
- A few users have reported being unable to log in with a persistent error message “Failed to set session cookie. Maybe you are using HTTP instead of HTTPS”. In some cases, clearing the phpMyAdmin cookies (‘pma*’) resolves the issue.
If you have any questions regarding the upgrade or any issues after upgrade let me know in the comments.
The Webuzo Team