← back
CVE-2016-5734

CVE-2016-5734

EPSS 81.4%◆ VulnCheck KEV
Vexday Risk Score
82Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Popular PoC on GitHub (1 stars) — exploitation code widely available.
CVSS EPSS 81.4%KEV nãoPoC públicaNuclei Metasploit simPatch referenciado
Lifecycle
23 Jun 2016Metasploit module available
03 Jul 2016Published on NVD
08 Jul 2016Public PoC
Weaponization speed
5 daysto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Patch as soon as possible — active exploitation confirmed.
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.