CVE-2016-5734
- Source
- https://cve.org/CVERecord?id=CVE-2016-5734
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5734.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-5734
- Aliases
- Downstream
- Related
- Published
- 2016-07-03T01:59:24.753Z
- Modified
- 2026-05-14T04:00:38.562148717Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
- References
-
- http://www.securityfocus.com/bid/91387
- https://security.gentoo.org/glsa/201701-32
- https://github.com/phpmyadmin/phpmyadmin/commit/1cc7466db3a05e95fe57a6702f41773e6829d54b
- https://github.com/phpmyadmin/phpmyadmin/commit/4bcc606225f15bac0b07780e74f667f6ac283da7
- https://www.phpmyadmin.net/security/PMASA-2016-27/
- https://www.exploit-db.com/exploits/40185/
Affected packages
Git / github.com/phpmyadmin/phpmyadmin
Affected ranges
- Type
- GIT
- Repo
- https://github.com/phpmyadmin/phpmyadmin
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
- Database specific
{ "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "last_affected": "4.0.0" }, { "last_affected": "4.0.1" }, { "last_affected": "4.0.2" }, { "last_affected": "4.0.3" }, { "last_affected": "4.0.4" }, { "last_affected": "4.0.4.1" }, { "last_affected": "4.0.4.2" }, { "last_affected": "4.0.5" }, { "last_affected": "4.0.6" }, { "last_affected": "4.0.7" }, { "last_affected": "4.0.8" }, { "last_affected": "4.0.9" }, { "last_affected": "4.0.10" }, { "last_affected": "4.0.10.1" }, { "last_affected": "4.0.10.2" }, { "last_affected": "4.0.10.3" }, { "last_affected": "4.0.10.4" }, { "last_affected": "4.0.10.5" }, { "last_affected": "4.0.10.6" }, { "last_affected": "4.0.10.7" }, { "last_affected": "4.0.10.8" }, { "last_affected": "4.0.10.9" }, { "last_affected": "4.0.10.10" }, { "last_affected": "4.0.10.11" }, { "last_affected": "4.0.10.12" }, { "last_affected": "4.0.10.13" }, { "last_affected": "4.0.10.14" }, { "last_affected": "4.0.10.15" }, { "last_affected": "4.6.0" }, { "last_affected": "4.6.0-alpha1" }, { "last_affected": "4.6.0-rc1" }, { "last_affected": "4.6.0-rc2" }, { "last_affected": "4.6.1" }, { "last_affected": "4.6.2" }, { "last_affected": "4.4.0" }, { "last_affected": "4.4.1" }, { "last_affected": "4.4.1.1" }, { "last_affected": "4.4.2" }, { "last_affected": "4.4.3" }, { "last_affected": "4.4.4" }, { "last_affected": "4.4.5" }, { "last_affected": "4.4.6" }, { "last_affected": "4.4.6.1" }, { "last_affected": "4.4.7" }, { "last_affected": "4.4.8" }, { "last_affected": "4.4.9" }, { "last_affected": "4.4.10" }, { "last_affected": "4.4.11" }, { "last_affected": "4.4.12" }, { "last_affected": "4.4.13" }, { "last_affected": "4.4.13.1" }, { "last_affected": "4.4.14.1" }, { "last_affected": "4.4.15" }, { "last_affected": "4.4.15.1" }, { "last_affected": "4.4.15.2" }, { "last_affected": "4.4.15.3" }, { "last_affected": "4.4.15.4" }, { "last_affected": "4.4.15.5" }, { "last_affected": "4.4.15.6" } ], "cpe": [ "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.11:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.12:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.13:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.14:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.15:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.6:*:*:*:*:*:*:*" ] }
Affected versions
Other
RELEASE_2_2_0
RELEASE_2_2_1
RELEASE_2_2_2
RELEASE_2_2_3
RELEASE_2_2_4
RELEASE_2_2_5
RELEASE_2_2_6
RELEASE_2_2_7PL1
RELEASE_2_3_0
RELEASE_2_3_1
RELEASE_2_3_2
RELEASE_2_3_3PL1
RELEASE_2_4_0
RELEASE_2_5_0
RELEASE_2_5_1
RELEASE_2_5_2
RELEASE_2_5_4
RELEASE_2_5_5PL1
RELEASE_2_5_6
RELEASE_2_5_7PL1
RELEASE_2_6_1PL3
RELEASE_2_6_2PL1
RELEASE_2_6_3PL1
RELEASE_2_6_4PL4
RELEASE_2_7_0PL2
RELEASE_2_8_0_4
RELEASE_2_8_1
RELEASE_2_8_2_4
RELEASE_2_9_0
RELEASE_3_4_0RC2
RELEASE_3_5_0ALPHA1
RELEASE_4_0_0
RELEASE_4_0_0ALPHA2
RELEASE_4_0_0BETA3
RELEASE_4_0_0RC1
RELEASE_4_0_0RC2
RELEASE_4_0_0RC3
RELEASE_4_0_0RC4
RELEASE_4_0_1
RELEASE_4_0_10
RELEASE_4_0_10_1
RELEASE_4_0_10_10
RELEASE_4_0_10_11
RELEASE_4_0_10_12
RELEASE_4_0_10_13
RELEASE_4_0_10_14
RELEASE_4_0_10_15
RELEASE_4_0_10_2
RELEASE_4_0_10_3
RELEASE_4_0_10_4
RELEASE_4_0_10_5
RELEASE_4_0_10_6
RELEASE_4_0_10_7
RELEASE_4_0_10_8
RELEASE_4_0_10_9
RELEASE_4_0_1RC1
RELEASE_4_0_2
RELEASE_4_0_2RC1
RELEASE_4_0_3
RELEASE_4_0_3RC1
RELEASE_4_0_4
RELEASE_4_0_4RC1
RELEASE_4_0_4_1
RELEASE_4_0_4_2
RELEASE_4_0_5
RELEASE_4_0_5RC1
RELEASE_4_0_5RC2
RELEASE_4_0_6
RELEASE_4_0_6RC1
RELEASE_4_0_6RC2
RELEASE_4_0_7
RELEASE_4_0_7RC1
RELEASE_4_0_8
RELEASE_4_0_8RC1
RELEASE_4_0_9
RELEASE_4_0_9RC1
RELEASE_4_1_0ALPHA1
RELEASE_4_1_0BETA1
RELEASE_4_1_0BETA2
RELEASE_4_2_0ALPHA2
RELEASE_4_2_0BETA1
RELEASE_4_4_0
RELEASE_4_4_0ALPHA1
RELEASE_4_4_1
RELEASE_4_4_10
RELEASE_4_4_11
RELEASE_4_4_12
RELEASE_4_4_13
RELEASE_4_4_13_1
RELEASE_4_4_14
RELEASE_4_4_14_1
RELEASE_4_4_15
RELEASE_4_4_15_1
RELEASE_4_4_15_2
RELEASE_4_4_15_3
RELEASE_4_4_15_4
RELEASE_4_4_15_5
RELEASE_4_4_15_6
RELEASE_4_4_1_1
RELEASE_4_4_2
RELEASE_4_4_3
RELEASE_4_4_4
RELEASE_4_4_5
RELEASE_4_4_6
RELEASE_4_4_6_1
RELEASE_4_4_7
RELEASE_4_4_8
RELEASE_4_4_9
RELEASE_4_6_0
RELEASE_4_6_0ALPHA1
RELEASE_4_6_0RC1
RELEASE_4_6_0RC2
RELEASE_4_6_1
RELEASE_4_6_2