Phpmyadmin Hacktricks Verified [upd] -

/setup/index.php (Can allow unauthorized configuration if not locked down)

From phpMyAdmin SQL tab:

Older versions display the version number directly on the login page. phpmyadmin hacktricks verified

In phpMyAdmin 4.3.0 to 4.6.2, a vulnerability in the search feature allowed attackers to execute code through the PHP preg_replace function using the /e (eval) modifier. 4. Advanced Enumeration: HackTricks Style /setup/index

To stay secure, administrators should follow the official phpMyAdmin Security Advisories : Can’t copy the link right now

This public link is valid for 7 days and shares a thread, including any personal information you added. This link or copies made by others cannot be deleted. If you share with third parties, their policies apply. Can’t copy the link right now. Try again later.

: In many cases, phpMyAdmin is misconfigured with a root account that has no password, granting immediate administrative access. WordPress plugins like Portable phpMyAdmin (v1.3.0) have also been known for authentication bypass flaws.