Author Topic: phpMyAdmin security update  (Read 543 times)

0 Members and 1 Guest are viewing this topic.

phpMyAdmin security update
« on: December 13, 2018, 11:50:48 PM »
Should I update manually or will it be in a CWP update?

Re: phpMyAdmin security update
« Reply #1 on: December 14, 2018, 01:04:24 AM »
Well, I don't know what security question you are pointing, but security questions are important, and sometimes cannot wait.

I've never tried this before, but you can try this site:

Don't forget to make backups *before*.


Re: phpMyAdmin security update
« Reply #2 on: December 14, 2018, 03:12:46 PM »

The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.4. Among other bug fixes, this contains several important security fixes.

The security fixes involve:

Local file inclusion (,
XSRF/CSRF vulnerabilities allowing a specially-crafted URL to perform harmful operations (, and
an XSS vulnerability in the navigation tree (
In addition to the security fixes, this release also includes these bug fixes and more as part of our regular release cycle:

Issue with changing theme
Ensure that database names with a dot ('.') are handled properly when DisableIS is true
Fix for message "Error while copying database (pma__column_info)"
Move operation causes "SELECT * FROM `undefined`" error
When logging with $cfg['AuthLog'] to syslog, successful login messages were not logged when $cfg['AuthLogSuccess'] was true
Multiple errors and regressions with Designer

To manually update download the package

Rename /usr/local/cwpsrv/var/services/pma/  to /usr/local/cwpsrv/var/services/pmaBAK/

Create a new pma folder ... 

Unzip it and upload to /usr/local/cwpsrv/var/services/pma/

Copy from the pmaBAK to the new pma folder.

You will get a warning when you first open phpMyAdmin but it shows instructions on how to fix it. Go to any database and open the operations tab. Creates an index I believe.

Delete the pmaBAK folder after testing the new install.
« Last Edit: December 14, 2018, 03:30:24 PM by GTMAN »