Description
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
Remediation
References
Related Vulnerabilities
WordPress Plugin My Page Order Cross-Site Scripting (4.3)
WordPress Plugin Event List SQL Injection (0.7.8)
Joomla! Core 3.x.x Security Bypass (3.2.0 - 3.9.4)
Django Cleartext Transmission of Sensitive Information Vulnerability (CVE-2019-12781)
WordPress Plugin Online Hotel Booking System Pro Cross-Site Scripting (1.1)