CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Percentile: 98.9%
Announcement-ID: PMASA-2012-5
Date: 2012-09-25
Updated: 2012-09-26
One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor.
One of the SourceForge.net mirrors, namely <code>cdnetworks-kr-1</code>, was being used to distribute a modified archive of phpMyAdmin, which includes a backdoor. This backdoor is located in file <code>server_sync.php</code> and allows an attacker to remotely execute PHP code. Another file, <code>js/cross_framing_protection.js</code>, has also been modified.
We consider this vulnerability to be critical.
We currently know only about <code>phpMyAdmin-3.5.2.2-all-languages.zip</code> being affected. Check whether your download contains a file named <code>server_sync.php</code>.
Check your phpMyAdmin distribution and download it again from a trusted mirror if your copy contains a file named <code>server_sync.php</code>.
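The check above, extended to a file-by-file comparison against a copy downloaded again from a trusted mirror. This is an added example, not code from the phpMyAdmin team; the function names and the in-memory sample archives are constructed for illustration. Besides the filename check, it reports files whose content differs, which is how a change like the one to <code>js/cross_framing_protection.js</code> shows up.

```python
import hashlib
import io
import zipfile

# Indicator named in the advisory: a kit containing this file is suspect.
BACKDOOR_NAME = "server_sync.php"

def digests(archive):
    """Map each member path (top-level folder stripped) to its SHA-256."""
    out = {}
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Kits unpack into one top-level folder; drop it so paths compare.
            rel = info.filename.split("/", 1)[-1]
            out[rel] = hashlib.sha256(zf.read(info)).hexdigest()
    return out

def compare_kits(suspect, trusted):
    """Return files that match the indicator, are extra, or are altered."""
    s, t = digests(suspect), digests(trusted)
    return {
        "indicator": sorted(p for p in s if p.rsplit("/", 1)[-1] == BACKDOOR_NAME),
        "extra": sorted(set(s) - set(t)),
        "modified": sorted(p for p in s.keys() & t.keys() if s[p] != t[p]),
    }

def make_zip(files):
    """Build an in-memory zip from {path: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, data in files.items():
            zf.writestr(path, data)
    buf.seek(0)
    return buf

# Constructed sample archives; contents are placeholders, not real kit files.
ROOT = "phpMyAdmin-3.5.2.2-all-languages/"
CLEAN = {ROOT + "index.php": b"<?php // placeholder",
         ROOT + "js/cross_framing_protection.js": b"// placeholder original"}
TAMPERED = dict(CLEAN)
TAMPERED[ROOT + "js/cross_framing_protection.js"] = b"// placeholder changed"
TAMPERED[ROOT + "server_sync.php"] = b"<?php // placeholder"

if __name__ == "__main__":
    print(compare_kits(make_zip(TAMPERED), make_zip(CLEAN)))
```

On real downloads, pass the two archive paths to <code>compare_kits</code> in place of the in-memory samples.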
Thanks to Tencent Security Response Center for letting us know about this issue. You can also find additional details in the SourceForge blog.
Assigned CVE ids: CVE-2012-5159
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.