SynopsisAccess to the remote PHP application is not password protected.
DescriptionThe version of phpMyAdmin installed on the remote web server allows unrestricted, unauthenticated access. This is likely due to setting the 'auth_type' to 'config' and storing login credentials in the configuration file.
A remote attacker could exploit this to execute arbitrary SQL queries, delete databases, or possibly even execute arbitrary code remotely.
SolutionRestrict access to phpMyAdmin using one of the methods referred to in the vendor's documentation.