Phpmyadmin Hacktricks [best] -

| CVE | Impact | Fixed in | |-----|--------|----------| | CVE-2016-5734 | Brute force using $cfg['AllowArbitraryServer'] | 4.6.3 | | CVE-2018-12613 | File inclusion via target=db_sql.php?/../../ | 4.8.1 | | CVE-2019-12922 | CSRF + RCE | 4.9.0.1 |

4.7. Lateral Movement and Data Exfiltration phpmyadmin hacktricks

This article is for educational purposes and authorized security testing only. Unauthorized access to databases is illegal. | CVE | Impact | Fixed in |

If the database user has FILE privileges and you know the absolute web path (e.g., /var/www/html ), you can write a PHP shell directly to the disk. phpmyadmin hacktricks