Description
The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Social Feed Gallery Unspecified Vulnerability (2.1.1)
WordPress Plugin Uploader Cross-Site Scripting and Arbitrary File Upload Vulnerabilities (1.0.4)
Internet Information Services Other Vulnerability (CVE-2000-0970)
WordPress Plugin Arlo training and event management system Cross-Site Scripting (2.1.7.1)