Phpmyadmin Hacktricks Verified

If the MySQL user has the FILE privilege and you know the absolute path of the webroot, you can write a PHP shell directly to the server.

Before launching an attack, you must understand the environment. phpMyAdmin’s vulnerability profile changes drastically between versions.

Mastering phpMyAdmin Pentesting: A "HackTricks Verified" Guide

Most RCE exploits target versions that are 5+ years old.

Summary Table: phpMyAdmin Attack Vectors

| Attack Vector | Requirement | |
| --- | --- | --- |
| Default Creds | Poor Configuration | Full DB Access |
| LFI (CVE-2018-12613) | Version 4.8.x | RCE via Session Poisoning |
| SELECT INTO OUTFILE | FILE Privilege + Known Path | |
| Setup Script Bypass | Accessible /setup/ folder | Config Manipulation |

If you are stuck within the database, look for these "Quick Wins":

Look at the footer of the login page or check /README or /Documentation.html.