This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.
phpMyAdmin 4.0.x before 18.104.22.168, 4.4.x before 22.214.171.124, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
CVSS 3.x Severity and Metrics:
CVSS 2.0 Severity and Metrics: