NVD

Id
20927  
Name
CVE-2016-5734  
Description
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2016-07-02  
Modified Date
2016-11-28  
Seq
2016-5734  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
114007 20927 CVE-2016-5734 91387  View
114008 20927 CVE-2016-5734 https://github.com/phpmyadmin/phpmyadmin/commit/1cc7466db3a05e95fe57a6702f41773e6829d54b  View
114009 20927 CVE-2016-5734 https://github.com/phpmyadmin/phpmyadmin/commit/4bcc606225f15bac0b07780e74f667f6ac283da7  View
114010 20927 CVE-2016-5734 40185  View
114011 20927 CVE-2016-5734 https://www.phpmyadmin.net/security/PMASA-2016-27/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
2661 JVNDB-2016-003434 phpMyAdmin における任意の PHP コードを実行される脆弱性 phpMyAdmin は、preg_replace の e 修飾子 (別名 eval) の使用を制限する区切り文字を適切に選択しないため、任意の PHP コードを実行される脆弱性が存在します。 CVE-2016-5734 92240 CVE-2016-5734 20927 7.5 9.8 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-003434.html 2016-06-23 2016-07-07 View