CVE-2015-3903 — phpMyAdmin vulnerability
Severity
4.3 MEDIUM (NVD)
EPSS
1.2%
top 21.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 26
Latest update: May 14
Description
libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS vector
AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9
Affected Packages: 3 packages
Patches
Vulnerability Details (2)
Vendor Advisories (1)
Debian: CVE-2015-3903: phpmyadmin - libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.... (2015)
Community (3)
Bugzilla: CVE-2015-3903 phpMyAdmin: Vulnerability allowing man-in-the-middle attack on API call to GitHub [epel-7] (2015-05-18)
Bugzilla: CVE-2015-3903 phpMyAdmin4: phpMyAdmin: Vulnerability allowing man-in-the-middle attack on API call to GitHub [epel-5] (2015-05-18)
Bugzilla: CVE-2015-3903 phpMyAdmin: Vulnerability allowing man-in-the-middle attack on API call to GitHub (2015-05-14)