Description
The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.
Remediation
References
Related Vulnerabilities
Microsoft SQL Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2003-0230)
Drupal CVE-2007-0626 Vulnerability (CVE-2007-0626)
WordPress Plugin Chat Room Directory Traversal (0.1.2)
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2023-0401)
WordPress Plugin NextGEN Gallery-WordPress Gallery Cross-Site Scripting (2.2.10)