The phpMyAdmin development team has released versions 220.127.116.11 and 18.104.22.168 of their database administration tool.
These updates are for four critical security vulnerabilities, include a session manipulation bug in Swekey authentication, a possible code injection issue in the setup script and a regular expression quoting problem in Synchronize code. With reference to the project website, these security issues could lead to the code injection and execution of arbitrary code.
Further, a directory traversal vulnerability related to the filtering of a file path in the MIME-type transformation code in these versions have been fixed.
The new versions of phpMyAdmin are available to download from the project website. phpMyAdmin is licensed under version 2 of the GNU General Public License.