From official site:
Version 2.9.2 contains some security fixes (see Security on phpmyadmin.net) and other fixes.
From me: The vulnerability is quite serious so I suggest upgrading ASAP.
Download page: http://www.phpmyadmin.net/home_page/downloads.php
XSS and Path Disclosure vulnerabilities
We received an advisory from Laurent Gaffié and we wish to thank him for his work.
It was possible to trigger these attacks on db_create.php and index.php.
We consider these vulnerabilities to be serious.
Probably all versions to 126.96.36.199.
Upgrade to phpMyAdmin 2.9.2 or newer.
For further information and in case of questions, please contact the phpMyAdmin team. Our website is http://www.phpmyadmin.net/.