PT-2016-5209 · Phpmyadmin · Phpmyadmin

Published 2016-03-01 · Updated 2024-06-15 · CVE-2016-2562

CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: phpMyAdmin 4.5.x through 4.5.5.0 (fixed in 4.5.5.1)
Description: The checkHTTP function in Config.class.php, which phpMyAdmin uses to make outbound HTTPS requests (here to api.github.com), does not verify the X.509 certificate presented by the remote server. Because neither the certificate chain nor the host name is validated, an attacker positioned between the phpMyAdmin host and api.github.com can impersonate the server with a crafted certificate: the TLS connection is established as if it were genuine, the attacker sees the request and supplies the response, and sensitive information can be obtained in the process.
Recommendations: Upgrade phpMyAdmin 4.5.x installations to 4.5.5.1 or later, which corrects the certificate verification in checkHTTP. If the upgrade cannot be applied immediately, make sure the unverified connection is never made: disable the functionality that calls checkHTTP, or block outbound HTTPS from the phpMyAdmin host to api.github.com, until the update is in place. Restricting filesystem access to Config.class.php is not a mitigation; the weakness is in the TLS client behaviour of the outbound request, not in who can read the file.
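To make the defect and the fix concrete, the following is an added example and not phpMyAdmin's own checkHTTP code: an HTTPS fetch helper written in the insecure style the description implies (TLS transport, no certificate or host-name check) beside a hardened version that performs the verification the advisory says was missing. The function names, the CA bundle path and the User-Agent string are assumptions made for the example.

```php
<?php
// Added illustration for CVE-2016-2562; not phpMyAdmin's checkHTTP implementation.
// Function names, the CA bundle path and the User-Agent are assumptions.
declare(strict_types=1);

/**
 * Weak pattern: the request travels over TLS, but the peer certificate and the
 * host name are never checked, so a man-in-the-middle presenting any
 * certificate (self-signed, or issued for some other name) is accepted.
 */
function fetchWithoutVerification(string $url): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_SSL_VERIFYPEER => false, // certificate chain is not validated
        CURLOPT_SSL_VERIFYHOST => 0,     // name in the certificate is ignored
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return is_string($body) ? $body : '';
}

/**
 * Hardened pattern: validate the chain against an explicit CA bundle, require
 * the certificate to match the host name, refuse pre-1.2 TLS, never follow a
 * redirect (which could lead to a plain-http URL), and fail closed by throwing
 * instead of silently returning an empty body on a transport or TLS error.
 */
function fetchVerified(string $url, string $caBundle = '/etc/ssl/certs/ca-certificates.crt'): string
{
    if (!is_readable($caBundle)) {
        throw new RuntimeException("CA bundle not readable: $caBundle");
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_USERAGENT      => 'example-client/1.0',
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,     // 2 = certificate must match the host name
        CURLOPT_CAINFO         => $caBundle,
        CURLOPT_SSLVERSION     => CURL_SSLVERSION_TLSv1_2,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        // Typical message on a forged cert: "SSL certificate problem: self signed certificate"
        $error = curl_error($ch);
        curl_close($ch);
        throw new RuntimeException("HTTPS request to $url failed: $error");
    }
    curl_close($ch);
    return $body;
}

/**
 * The same distinction for the stream-wrapper path (file_get_contents).
 * Passing an explicit context avoids relying on php.ini defaults.
 */
function verifiedStreamContext(string $caBundle = '/etc/ssl/certs/ca-certificates.crt')
{
    return stream_context_create([
        'ssl' => [
            'verify_peer'       => true,
            'verify_peer_name'  => true,
            'allow_self_signed' => false,
            'cafile'            => $caBundle,
        ],
        'http' => ['timeout' => 10],
    ]);
}

// Usage (needs network access; the host is the one named in the advisory):
// $json = fetchVerified('https://api.github.com/');
// $json = file_get_contents('https://api.github.com/', false, verifiedStreamContext());
```

A quick way to confirm which behaviour a deployed client has is to point it at an HTTPS endpoint whose certificate is self-signed or issued for a different name: the weak helper returns the body, the hardened one throws with the certificate error in the message.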



Weakness Enumeration

Related Identifiers

CVE-2016-2562
GHSA-W8QG-J9FP-HRJF
OPENSUSE-SU-2024:10054-1

Affected Products

Phpmyadmin