CVE-2016-5734

Source
https://cve.org/CVERecord?id=CVE-2016-5734
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5734.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-5734
Aliases
Downstream
Related
Published
2016-07-03T01:59:24.753Z
Modified
2026-05-17T11:54:13.361406357Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.

References

Affected packages