phpMyAdmin is vulnerable to a remote code execution due the use of the unserialize method on user supplied data. This data is written in the config file and is accessible from the internet by default.
CVE Link
Product Name