Lucene search

K
osvGoogleOSV:GHSA-W8QG-J9FP-HRJF
HistoryMay 17, 2022 - 3:31 a.m.

phpMyAdmin Improper Input Validation

2022-05-1703:31:14
Google
osv.dev
8
phpmyadmin
input validation
api.github.com
ssl
man-in-the-middle
certificate
sensitive information
software

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

40.2%

The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

40.2%