Michael Brooks discovered that phpMyAdmin, a tool to administrate MySQL over the web, performs insufficient input sanitising allowing a user assisted remote attacker to execute code on the webserver.