If the database user has FILE privileges and you know the absolute web path (e.g., /var/www/html ), you can write a PHP shell directly to the disk.
There are several methods to transition from database access to a web shell: phpmyadmin hacktricks
: Several older versions of phpMyAdmin are vulnerable to LFI. For example, CVE-2018-12613 If the database user has FILE privileges and