In phpMyAdmin 4.8.0 and 4.8.1, a classic LFI vulnerability existed. The ?target= parameter (or ?goto=) failed to sanitize input properly.
If you're on a version older than 5.2, you are vulnerable.
A patched phpMyAdmin is safe only if you also patch your architecture. Change the default URL, block public access, enforce MFA, and monitor logs relentlessly.
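One way to act on the log-monitoring advice for the ?target= and ?goto= parameters described above, as an added example that is not phpMyAdmin's own code: a small access-log check that decodes each watched parameter until it stops changing and flags traversal sequences or layered encoding. The log lines, the /phpmyadmin/ path and the reason labels are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

WATCHED = {"target", "goto"}   # the two parameters named above
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TRAVERSAL = re.compile(r"\.\.[/\\]")

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /phpmyadmin/index.php?target=db_sql.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /phpmyadmin/index.php?target=..%2F..%2Fexample.txt HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /phpmyadmin/index.php?goto=%252e%252e%252fexample.txt HTTP/1.1" 200 312',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /phpmyadmin/index.php?db=shop HTTP/1.1" 200 4096',
]

def fully_decode(value, max_rounds=5):
    """Percent-decode until the value stops changing; return (text, rounds)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds

def inspect_line(line):
    """Return [(param, reasons)] for watched parameters that look unsafe."""
    match = REQUEST.search(line)
    if not match:
        return []
    findings = []
    # parse_qsl already performs one round of percent-decoding.
    for name, value in parse_qsl(urlsplit(match.group(1)).query, keep_blank_values=True):
        if name.lower() not in WATCHED:
            continue
        text, extra_rounds = fully_decode(value)
        reasons = []
        if extra_rounds:                 # still encoded after the normal decode
            reasons.append("multi-encoded")
        if TRAVERSAL.search(text):
            reasons.append("path traversal")
        if "\x00" in text:
            reasons.append("null byte")
        if reasons:
            findings.append((name, tuple(reasons)))
    return findings

def scan(lines):
    """Return [(line_number, param, reasons)] for a whole log, 1-indexed."""
    return [(n, p, r) for n, line in enumerate(lines, 1) for p, r in inspect_line(line)]
```

Calling scan(SAMPLE_LOG) reports lines 2 and 3 and leaves the two ordinary requests alone; the same function can be pointed at real log lines read from a file.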
As noted by contributors on LinkedIn, phpMyAdmin can be a significant entry point for hackers if left exposed on live servers.
Multiple iterations of SQLi have plagued the platform, such as CVE-2020-5504.