Vulnerability — CVE-2016-5734

CVE-2016-5734

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2016-5734
Description:: phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
Last updated date:: 07/01/2017

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 05/17/2024
Reference url to background: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Threat%20reports/AquaSecurity_Kinsing_Demystified_Technical_Guide.pdf

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/26/2020
Reference url to background: https://github.com/coffeehb/Some-PoC-oR-ExP/blob/master/PhpMyAdmin/phpmyadmin4.6.2_RCE.py

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/17/2021
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/phpmyadmin_null_termination_exec.rb