phpMyAdmin is vulnerable to a remote code execution due the use of the unserialize method on user supplied data. This data is written in the config file and is accessible from the internet by default.
CVE Link
Exploit Type - Old
Exploits/Remote
Product Name