Descriptionlibraries/Config.class.php in phpMyAdmin 4.0.x before 18.104.22.168, 4.2.x before 22.214.171.124, 4.3.x before 126.96.36.199, and 4.4.x before 188.8.131.52 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
SUSE Security Advisories:
- openSUSE-SU-2015:1191-1, published Sat, 4 Jul 2015 12:05:49 +0200 (CEST)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Tumbleweed|| ||Patchnames: |
openSUSE Tumbleweed GA phpMyAdmin-184.108.40.206-1.1
SUSE Timeline for this CVECVE page created: Wed May 13 22:16:37 2015
CVE page last modified: Fri Oct 7 12:47:09 2022