[NOT I-MSCP RELATED] phpMyAdmin-3.5.2.2-all-languages

  • PMASA-2012-5


    Announcement-ID: PMASA-2012-5


    Date: 2012-09-25


    Summary


    One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor.


    Description


    One of the SourceForge.net mirrors, namely cdnetworks-kr-1, was being used to distribute a modified archive of phpMyAdmin, which includes a backdoor. This backdoor is located in file server_sync.php and allows an attacker to remotely execute PHP code. Another file, js/cross_framing_protection.js, has also been modified.


    Severity


    We consider this vulnerability to be critical.


    Affected Versions


    We currently know only about phpMyAdmin-3.5.2.2-all-languages.zip being affected; check if your download contains a file named server_sync.php.


    Solution


    Check your phpMyAdmin distribution and download it again from a trusted mirror if your copy contains a file named server_sync.php.


    References


    Thanks to Tencent Security Response Center for letting us know about this issue.


    More information


    For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.
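
The check the advisory asks for, as an added example that is not part of the original post or of phpMyAdmin's own code: it scans a downloaded zip or an unpacked installation tree for a file named server_sync.php. The function names and the sample archive are constructed for illustration.

```python
import io
import os
import zipfile

INDICATOR = "server_sync.php"  # file name given in PMASA-2012-5


def suspicious_in_zip(archive):
    """Return archive member paths whose base name is the indicator file.

    `archive` is a path or a binary file object holding a phpMyAdmin zip.
    """
    with zipfile.ZipFile(archive) as zf:
        return sorted(
            name for name in zf.namelist()
            if name.replace("\\", "/").rsplit("/", 1)[-1].lower() == INDICATOR
        )


def suspicious_in_tree(root):
    """Return paths under an unpacked or installed tree that match the indicator."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits.extend(os.path.join(dirpath, f) for f in files if f.lower() == INDICATOR)
    return sorted(hits)


def build_sample_zip(with_backdoor):
    """Constructed sample archive (file contents are placeholders, not real code)."""
    buf = io.BytesIO()
    top = "phpMyAdmin-3.5.2.2-all-languages/"
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(top + "index.php", "<?php /* placeholder */")
        zf.writestr(top + "js/cross_framing_protection.js", "/* placeholder */")
        if with_backdoor:
            zf.writestr(top + "server_sync.php", "<?php /* placeholder */")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for label, flag in (("clean", False), ("tampered", True)):
        hits = suspicious_in_zip(build_sample_zip(flag))
        print(label, "->", hits or "no server_sync.php found")
```

A hit means the copy should be discarded and downloaded again from a trusted mirror, as the advisory says; an empty result only means the named file is absent.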