Hello Salvatore, I investigated while reporting the vulnerability, 4.6.6 (https://packages.debian.org/source/oldstable/phpmyadmin) is not affected since the table name you need to reproduce the vulnerability is not supported.
4.9.2 will patch the vulnerability Regards, William Desportes
