phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
Use CWE-94, the phpMyAdmin vendor hub and the phpMyAdmin product page to widen CVE-2016-5734 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2020-22452, CVE-2020-26935 and CVE-2020-22278 for nearby disclosures in the same product family.