phpMyAdmin 4.9.5

Released 2020-03-21.

Welcome to the release of phpMyAdmin version 4.9.5. This is a security release containing several bug fixes.

Changes this version:
* PMASA-2020-2 SQL injection vulnerability in the user accounts page, particularly when changing a password
* PMASA-2020-3 SQL injection vulnerability relating to the search feature
* PMASA-2020-4 SQL injection and XSS having to do with displaying results
* Removing of the "options" field for the external transformation.

We are removing the ability for users to set "options" field for the external transformation. This must now be hard
coded in the plugin file directly (where the program is configured). This feature allows users to pipe output directly to an executable file,
however the options field presented a security risk and we have decided to move the options to be hard coded in the transformation plugin file.
For further assistance, please reach out to our support team through email or Github pull request.

This is a reminder that phpMyAdmin 4.9 is in the long-term support phase where it will only get important security fixes and critical bug fixes. Users are suggested to migrate to version 5.0.

Downloads are available now at

For the phpMyAdmin team,

Older version compatible with PHP 5.5 to 7.4 and MySQL/MariaDB 5.5 and newer. Currently supported for security fixes only.

File Size Verification
phpMyAdmin-4.9.5-all-languages.tar.gz 9.7 MB [PGP] [SHA256]
phpMyAdmin-4.9.5-all-languages.tar.xz 5.9 MB [PGP] [SHA256]
phpMyAdmin-4.9.5-english.tar.gz 5.0 MB [PGP] [SHA256]
phpMyAdmin-4.9.5-english.tar.xz 3.9 MB [PGP] [SHA256] 6.2 MB [PGP] [SHA256]
phpMyAdmin-4.9.5-source.tar.xz 11.6 MB [PGP] [SHA256]

Since July 2015 all phpMyAdmin releases are cryptographically signed by the releasing developer. You should verify that the signature matches the archive you have downloaded. Verification instructions are placed in our documentation in the Verifying phpMyAdmin releases chapter.