Headline
CVE-2022-0813: phpMyAdmin 4.9.10 and 5.1.3 are released
phpMyAdmin 5.1.1 and earlier allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.
2022-02-11
The phpMyAdmin team announces the release of versions 4.9.10 and 5.1.3.
These versions primarily address a regression that caused the navigation pane to not function correctly when multiple pages of tables were shown.
Version 5.1.3 includes a security hardening improvement. The issue, reported by Rafael Pedrero, could allow users to cause an error that would reveal the path on disk where phpMyAdmin is running from. We believe this requires the server to be running with display_errors on, which is not the recommended setting for a production environment.
Version 5.1.3 includes a few other minor bug fixes and is recommended for all users.
Note that version 4.9 is in extended security support only. Version 5.2.0 is in final testing and is expected to replace the 5.1 branch in the coming week or weeks, with no changes to required versions of PHP or database server.
For the phpMyAdmin team, Isaac
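The announcement ties the path disclosure to display_errors being on. The check below is an added example, not phpMyAdmin code or part of the announcement: it reads php.ini text and reports whether error output would reach clients. The function names and sample file are constructed for illustration, and the defaults are PHP's built-in values for an unset directive.

```python
import re

# PHP's built-in values when php.ini does not set the directive at all.
PHP_DEFAULTS = {"display_errors": "1", "log_errors": "1"}

# Constructed sample input, not taken from a real server.
SAMPLE_INI = """\
[PHP]
display_errors = On   ; left over from debugging
;display_errors = Off
log_errors = Off
"""

def parse_ini(text):
    """Return {directive: value}; the last uncommented assignment wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[":
            continue
        key, sep, value = line.partition("=")
        if sep:
            # Drop a trailing ';' comment and surrounding quotes.
            settings[key.strip()] = value.split(";", 1)[0].strip().strip("\"'")
    return settings

def is_enabled(value):
    """Approximate PHP's handling of boolean-style ini values."""
    v = value.strip().lower()
    if v in {"on", "yes", "true", "stdout", "stderr"}:
        return True
    m = re.match(r"[+-]?\d+", v)
    return bool(m) and int(m.group()) != 0

def audit(text):
    """List error-handling settings that would expose paths to clients."""
    s = parse_ini(text)
    findings = []
    if is_enabled(s.get("display_errors", PHP_DEFAULTS["display_errors"])):
        origin = "explicit" if "display_errors" in s else "built-in default"
        findings.append(f"display_errors is on ({origin}): error text, including file paths, is sent to the client")
    if not is_enabled(s.get("log_errors", PHP_DEFAULTS["log_errors"])):
        findings.append("log_errors is off: errors hidden from clients would not be recorded")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI):
        print(finding)
```

The check sees only the php.ini text it is given; values overridden at runtime, for example through ini_set(), .user.ini or web server configuration, need to be confirmed separately.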
Related news
Gentoo Linux Security Advisory 202311-17 - Multiple vulnerabilities have been discovered in phpMyAdmin, the worst of which allows for denial of service. Versions greater than or equal to 5.2.0 are affected.