Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
phpMyAdmin Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2016-5734 - Vulnerability Database
phpMyAdmin

phpMyAdmin Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2016-5734

Critical
Reference: CVE-2016-5734
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-5734
Title: phpMyAdmin Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

phpMyAdmin 4.0.x before 4.0.10.16 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier which might allow remote attackers to execute arbitrary PHP code via a crafted string as demonstrated by the table search-and-replace implementation.