logo

Database

Lack of data validation In phpmyadmin/phpmyadmin

Description

phpMyAdmin Improper Input Validation The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2016-25622. NVD-2016-25623. OSV-2016-25624. OSV-DEBIAN-2016-25625. GCVE-2016-25626. SECURITY-TRACKER-CVE-2016-2562

References

1. https://github.com/phpmyadmin/phpmyadmin/commit/e42b7e3aedd29dd0f7a48575f20bfc5aca0ff9762. https://www.phpmyadmin.net/security/PMASA-2016-133. http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html4. http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.