phpMyAdmin Exposure

A phpMyAdmin instance was identified.

  • phpMyAdmin
  • admin
  • administrator
  • exposure

phpMyAdmin is a tool that performs the basic MySQL operations such as creating, altering, and dropping databases, tables, fields, indexes, and users. It can execute SQL statements and manage relations between objects. It also provides a rich web interface, a SQL parser and many other features. It is one of the most popular database management tools on the web.

phpMyAdmin is designed for internal use and lacks the access control and authentication mechanisms required of publicly accessible applications. It relies on username/password authentication without support for 2FA, which makes it an easy target for attackers.

Impact

Attackers can leverage compromised credentials or brute force attacks to log into the phpMyAdmin interface to obtain full read-write access to sensitive data.

Solution

Remove phpMyAdmin, or ensure it is only reachable through a reverse proxy backed by strong authentication.
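
To confirm the remediation on your own deployment, the added example below (not part of the original advisory) classifies the response an unauthenticated client receives for the phpMyAdmin URL: either the proxy gates the request, or phpMyAdmin's own login form is still served. The hostnames and sample responses are constructed, and treating a cross-host redirect as a hand-off to an identity provider is an assumption.

```python
import re
from urllib.parse import urlsplit

# Username field of phpMyAdmin's cookie-auth login form, and its session cookie name.
LOGIN_FIELD = re.compile(r'name=["\']pma_username["\']', re.I)
SESSION_COOKIE = re.compile(r'^\s*phpMyAdmin[^=;]*=')

def classify(url, status, headers, body):
    """Classify one unauthenticated GET response for a phpMyAdmin URL."""
    h = {k.lower(): v for k, v in headers.items()}
    if status == 401 and "www-authenticate" in h:
        return "gated"      # proxy demands credentials before phpMyAdmin is reached
    if status == 403:
        return "gated"      # request refused outright (e.g. source not allowed)
    if status in (301, 302, 303, 307, 308):
        target = urlsplit(h.get("location", ""))
        if target.netloc and target.netloc != urlsplit(url).netloc:
            return "gated"  # handed off to another host, assumed to be the identity provider
        return "unknown"    # same-host redirect: follow it and classify the next response
    if status == 200 and (LOGIN_FIELD.search(body)
                          or SESSION_COOKIE.search(h.get("set-cookie", ""))):
        return "exposed"    # phpMyAdmin's own login is served to an anonymous client
    return "unknown"

# Constructed sample responses (hostnames and values are illustrative).
SAMPLES = {
    "direct": ("https://db.example.com/phpmyadmin/", 200,
               {"Set-Cookie": "phpMyAdmin=constructed; path=/phpmyadmin/; HttpOnly"},
               '<form method="post"><input type="text" name="pma_username"></form>'),
    "basic_auth": ("https://db.example.com/phpmyadmin/", 401,
                   {"WWW-Authenticate": 'Basic realm="restricted"'}, ""),
    "sso": ("https://db.example.com/phpmyadmin/", 302,
            {"Location": "https://sso.example.com/login?rd=%2Fphpmyadmin%2F"}, ""),
    "missing": ("https://db.example.com/phpmyadmin/", 404, {}, "Not Found"),
}

def audit(samples=SAMPLES):
    """Return {sample name: classification} for every response."""
    return {name: classify(*resp) for name, resp in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:12} {verdict}")
```

Run the check from a network position outside the trusted perimeter; an "exposed" verdict means the login form is still reachable without passing the proxy's authentication.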
