| CVE | Version | Verified Exploit | |-----|---------|------------------| | CVE-2016-5734 | 4.0.x – 4.6.2 | RCE via preg_replace in table search. Metasploit module available. | | CVE-2018-12613 | 4.8.0 – 4.8.1 | Local file inclusion (LFI) via ?target=db_sql.php%253f/../../config.inc.php | | CVE-2019-12922 | 4.9.0.1 | CSRF + RCE via crafted SQL. |
Include the session file (typically /var/lib/php/sessions/sess_ ) via the vulnerable parameter. 🔍 Discovery and Foothold
Affects versions before 4.6.2. An authenticated user can bypass security checks to execute arbitrary SQL, leading to code execution via SELECT ... INTO OUTFILE . Configuration Vulnerabilities phpmyadmin hacktricks verified
Vulnerabilities in specific features, such as the user accounts page, have allowed malicious users to inject SQL commands, potentially modifying privileges or exfiltrating data. 3. Enumeration and Reconnaissance
Once inside, the goal shifts to escalating privileges or stealing data. Executing Code with SQL | CVE | Version | Verified Exploit |
# phpMyAdmin - HackTricks Verified Checklist
Modern MySQL caches authentication plugin data – but authentication_string still yields hash cracking (cached SHA256 or mysql_native_password). INTO OUTFILE
References:
SELECT '' INTO OUTFILE '/var/www/html/shell.php'; Use code with caution.