VulnerableCode Vulnerability Details - VCID-2f7e-49ww-e7cq

Search for vulnerabilities

Vulnerability details: VCID-2f7e-49ww-e7cq

Essentials
Severities (1)
References (4)
Severity details (0)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-2f7e-49ww-e7cq
Aliases	CVE-2016-2562
Summary	The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-20	Improper Input Validation
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.0023	https://api.first.org/data/v1/epss?cve=CVE-2016-2562

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2016-2562
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2562
		https://www.phpmyadmin.net/security/PMASA-2016-13/
CVE-2016-2562		https://nvd.nist.gov/vuln/detail/CVE-2016-2562

No exploits are available.

There are no known vectors.

Exploit Prediction Scoring System (EPSS)

Percentile	0.45863
EPSS Score	0.0023
Published At	Dec. 19, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-12-19T17:41:31.025656+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	37.0.0