phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation
Reporter | Title | Published | Views | Family All 30 |
---|---|---|---|---|
seebug.org | PhpMyAdmin 4.3.0—4.6.2 authorized users remote command execution vulnerability | 1 Aug 201600:00 | – | seebug |
Packet Storm | phpMyAdmin 4.x Remote Code Execution | 18 Jun 201800:00 | – | packetstorm |
Metasploit | phpMyAdmin Authenticated Remote Code Execution | 18 Jun 201812:33 | – | metasploit |
Check Point Advisories | Web Servers PHPMyAdmin Remote Code Execution (CVE-2016-5734) | 19 Jun 201800:00 | – | checkpoint_advisories |
0day.today | phpMyAdmin 4.x Remote Code Execution Exploit | 19 Jun 201800:00 | – | zdt |
0day.today | phpMyAdmin 4.6.2 - Authenticated Remote Code Execution | 29 Jul 201600:00 | – | zdt |
Cvelist | CVE-2016-5734 | 3 Jul 201601:00 | – | cvelist |
Prion | Design/Logic Flaw | 3 Jul 201601:59 | – | prion |
Exploit DB | phpMyAdmin 4.6.2 - (Authenticated) Remote Code Execution | 29 Jul 201600:00 | – | exploitdb |
NVD | CVE-2016-5734 | 3 Jul 201601:59 | – | nvd |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo