phpMyAdmin <4.0.10.16, <4.4.15.7, <4.6.3 - RCE
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
Exploits (5)
metasploit (working PoC, rank: EXCELLENT) by Michal Čihař and Cure53, Ruby PoC:
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/phpmyadmin_null_termination_exec.rb
References (6)
Scores
CVSS v3: 9.8
EPSS: 0.8702
EPSS Percentile: 99.4%
Attack Vector: NETWORK
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lab Environment: Community Lab (COMMUNITY), +1 more repos
Details
VulnCheck KEV: 2024-05-10
InTheWild.io: 2024-05-17
CWE: CWE-94
Status: published
Products (47)
phpmyadmin/phpmyadmin 4.0.0
phpmyadmin/phpmyadmin 4.0.1
phpmyadmin/phpmyadmin 4.0.2
phpmyadmin/phpmyadmin 4.0.3
phpmyadmin/phpmyadmin 4.0.4
phpmyadmin/phpmyadmin 4.0.4.1
phpmyadmin/phpmyadmin 4.0.4.2
phpmyadmin/phpmyadmin 4.0.5
phpmyadmin/phpmyadmin 4.0.6
phpmyadmin/phpmyadmin 4.0.7
... and 37 more
Published: Jul 03, 2016
Tracked Since: Feb 18, 2026