
Michal Čihař

#25001 of 53,635
9.8 Total CVSS
Vulnerabilities · 1
PT-2016-6664
9.8
2014-05-05
Phpmyadmin · Phpmyadmin · CVE-2016-5734
**Name of the Vulnerable Software and Affected Versions**

- phpMyAdmin versions 4.0.x through 4.0.10.15
- phpMyAdmin versions 4.4.x through 4.4.15.6
- phpMyAdmin versions 4.6.x through 4.6.2

**Description**

The issue arises from improper delimiter selection, which could allow remote attackers to execute arbitrary PHP code via a crafted string. This is demonstrated by the table search-and-replace implementation, potentially leveraging the preg_replace e (aka eval) modifier.

**Recommendations**

- For phpMyAdmin versions 4.0.x through 4.0.10.15, update to version 4.0.10.16 or later.
- For phpMyAdmin versions 4.4.x through 4.4.15.6, update to version 4.4.15.7 or later.
- For phpMyAdmin versions 4.6.x through 4.6.2, update to version 4.6.3 or later.