This is one of many ways how hackers managed to exploit websites.
Basically hackers have list of web applications (e.g. phpmyadmin) and its corresponding vulnerabilities.
Based on this list, they will access your site and check which are currently installed / used by your website.
One way of checking is by simply accessing the web applications' assets like .css, .js, folder, etc.
If they found even just one web application, then an opportunity is available like an open door where attack is not impossible.