Affected versions 4.x (prior to 4.9.4) and 5.x (prior to 5.0.1). It occurred in the 'user accounts' page due to insufficient input sanitization.
(Invoking related search suggestions for further exploration...) phpmyadmin hacktricks patched
Finally, on a Wednesday afternoon, the phpMyAdmin team released a new version of the tool, which included a patch for the vulnerability. The patch added proper input validation to the Designer feature, preventing an attacker from injecting malicious SQL code. Affected versions 4
Review by a defender who has cleaned up too many dumped databases from unpatched PMA installs. on a Wednesday afternoon