phpMyFAQ has a feature to restore the entire application from a backup. An attacker with admin privileges can export the configuration and re-upload the same file, bypassing all the backend sanitization and controls.
PoC-Payload:
#MISCONF
If the grants of the SQL service user are misconfigured, an attacker could abuse this to read or write sensitive files.
Example 1 (read file grant):
SELECT LOAD_FILE('/etc/passwd')
Example 2 (write file grant):
SELECT 'some php code ' INTO dumpfile '/sitepath/somefile.php'
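Both examples depend on the database account holding the global FILE privilege. The following audit and least-privilege fix for MySQL is an added example, not part of the original report; the account name 'phpmyfaq'@'localhost' and the schema name phpmyfaq are assumed placeholders.

```sql
-- Assumption: the application connects as 'phpmyfaq'@'localhost' and its
-- tables live in the schema `phpmyfaq` (placeholder names, adjust to your setup).

-- 1. Audit: which accounts hold the global FILE privilege?
SELECT user, host
FROM mysql.user
WHERE File_priv = 'Y';

-- 2. Audit: where may the server read and write files?
--    ''    = anywhere the mysqld OS user can reach (weak)
--    path  = only inside that directory
--    NULL  = LOAD_FILE / INTO OUTFILE / INTO DUMPFILE disabled
--    The variable is read-only at runtime; it is set under [mysqld] in the
--    server option file and needs a restart.
SELECT @@GLOBAL.secure_file_priv;

-- 3. Weak grant that lets both examples above succeed:
--      GRANT ALL PRIVILEGES ON *.* TO 'phpmyfaq'@'localhost';
--    Corrected: drop every global privilege, then grant data privileges on the
--    application schema only. FILE exists only at the global level, so a
--    schema-scoped grant can never include it. Add schema-scoped DDL
--    privileges only if your upgrade or restore process needs them.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'phpmyfaq'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON phpmyfaq.* TO 'phpmyfaq'@'localhost';

-- 4. Verify: the output must show no FILE and no ALL PRIVILEGES ON *.*
SHOW GRANTS FOR 'phpmyfaq'@'localhost';
```

Run as that account after the change, `SELECT LOAD_FILE('/etc/passwd')` returns NULL and the `INTO dumpfile` statement is rejected with an access-denied error.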