Looking at my checkout from CVS HEAD yesterday, OpenEMR is embedding phpMyAdmin 2.11.9.5. Looking at my git clone from yesterday, the latest release of phpMyAdmin 2.x is 2.11.9.6. I checked the git log between those versions and found that a security patch was applied around 2009-10-12. It didn’t get much news, but it evidently fixes some cross-site scripting and SQL injection vulnerabilities in phpMyAdmin 2.11.9.5.
It would be nice if OpenEMR could bump the embedded phpMyAdmin version to at least 2.11.9.6 for the next release or even prepare a patch bundle that addresses the issue. I can easily prepare a patch, but I believe you are using CVS tags to help automate tracking of phpMyAdmin, so it might be better if someone with a CVS commmit bit does the upgrade.
I tried to open a bug, but I didn’t have the correct permissions, evidently.
For the bug report, possibly you weren’t logged in (we don’t allow bug reports from anonymous users). Try again, if still having problems even while logged in, then let us know.
phpmyadmin is now to version 2.11.10 ; would be nice to update it. Here’s are details of relatively recent phpmyadmin upgrade: http://www.openmedsoftware.org/wiki/PhpMyAdmin
So will be more advantageous to utilize the cvs tags and upgrade it with cvs import/merge commands. Good idea to log this request into the bug tracker; at seem point need to also fix a session bug with openemr/phpmyadmin anyways.