automatic module_metadata_base.json update

db/modules_metadata_base.json

@@ -41515,6 +41515,38 @@
     "is_install_path": true,
     "ref_name": "multi/http/phpmyadmin_3522_backdoor"
   },
+  "exploit_multi/http/phpmyadmin_null_termination_exec": {
+    "name": "phpMyAdmin Authenticated Remote Code Execution",
+    "full_name": "exploit/multi/http/phpmyadmin_null_termination_exec",
+    "rank": 600,
+    "disclosure_date": "2016-06-23",
+    "type": "exploit",
+    "author": [
+      "Michal Čihař and Cure53",
+      "Matteo Cantoni <goony@nothink.org>"
+    ],
+    "description": "phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before\n        4.6.3 does not properly choose delimiters to prevent use of the preg_replace\n        (aka eval) modifier, which might allow remote attackers to execute arbitrary\n        PHP code via a crafted string, as demonstrated by the table search-and-replace\n        implementation.",
+    "references": [
+      "BID-91387",
+      "CVE-2016-5734",
+      "CWE-661",
+      "URL-https://www.phpmyadmin.net/security/PMASA-2016-27/",
+      "URL-https://security.gentoo.org/glsa/201701-32",
+      "URL-https://www.exploit-db.com/exploits/40185/"
+    ],
+    "is_server": true,
+    "is_client": false,
+    "platform": "PHP",
+    "arch": "php",
+    "rport": "80",
+    "targets": [
+      "Automatic"
+    ],
+    "mod_time": "2018-06-18 08:35:47 +0000",
+    "path": "/modules/exploits/multi/http/phpmyadmin_null_termination_exec.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/phpmyadmin_null_termination_exec"
+  },
   "exploit_multi/http/phpmyadmin_preg_replace": {
     "name": "phpMyAdmin Authenticated Remote Code Execution via preg_replace()",
     "full_name": "exploit/multi/http/phpmyadmin_preg_replace",