depends on the permissions you give and the connection method you use (ofc how bad/old is the code).
PDO's hard to get pass through, proper sanitize, know what to expect on data but most panels have holes because creators never sanitize properly, few know how to make it but nobody does it.
in case we have a password 123456789 yes its perfect
in case we have a password abc1234 you have a big error
your commend is not valid in any possible way regarding lineage or user/pass protection.