Description
The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.
Remediation
References
Related Vulnerabilities
Plone CMS Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2024-0669)
MySQL CVE-2018-3283 Vulnerability (CVE-2018-3283)
WordPress Plugin Collapse-O-Matic Cross-Site Scripting (1.8.2)
Joomla! Core 3.x.x Remote File Inclusion (3.0.0 - 3.2.5)
WordPress Plugin WP Visitor Statistics (Real Time Traffic) SQL Injection (6.8.1)