Backdoor in phpMyAdmin Allows Hackers to Execute PHP Code

Only a particular distribution from SourceForge.net is affected

By Eduard Kovacs on September 25th, 2012 14:25 GMT

phpMyAdmin is warning customers that a kit hosted on the SourceForge.net mirror system has been found to contain a backdoor that allows remote attackers to execute arbitrary PHP code.

The developers have been notified by the Tencent Security Response Center that the distribution contains a malicious file.

The affected mirror is called cdnetworks-kr-1, the backdoor being located in the server_sync.php file.

Apparently, this isn’t the only corrupt file. The phpMyAdmin development team claims that a second file - js/cross_framing_protection.js – has also been modified. The vulnerability has been cataloged as being a critical one.

Users who downloaded phpMyAdmin-3.5.2.2-all-languages.zip from the aforementioned mirror are advised to check if the download contains the server_sync.php file.

If the file is present, the entire distribution should be downloaded once again from a trusted mirror.
phpMyAdmin distribution found to contain backdoor
   phpMyAdmin distribution found to contain backdoor
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

Comments