Announcement-ID: PMASA-2012-5

Date: 2012-09-25

Updated: 2012-09-26


One server from the mirror system was distributing a phpMyAdmin kit containing a backdoor.


One of the mirrors, namely cdnetworks-kr-1, was being used to distribute a modified archive of phpMyAdmin, which includes a backdoor. This backdoor is located in the file server_sync.php and allows an attacker to remotely execute PHP code. Another file, js/cross_framing_protection.js, has also been modified.


We consider this vulnerability to be critical.

Affected Versions

We currently know only about <code></code> being affected; check whether your download contains a file named <code>server_sync.php</code>.


Check your phpMyAdmin distribution and download it again from a trusted mirror if your copy contains a file named <code>server_sync.php</code>.
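
The check above can be scripted for a downloaded archive or an extracted tree. The following Python is an added example, not code from the phpMyAdmin project. The function names, the optional trusted SHA-256 argument (computed by you from a copy obtained from a trusted mirror, since this announcement lists no hashes) and the sample archive contents are assumptions constructed for illustration.

```python
import hashlib, os, sys, tarfile, tempfile, zipfile
from pathlib import Path

BACKDOOR_NAME = "server_sync.php"                 # indicator file named in the advisory
MODIFIED_NAME = "js/cross_framing_protection.js"  # second file the advisory says was modified

def read_members(path):
    """Return {name: bytes} for the two files of interest in a directory, zip or tar archive."""
    wanted = {}
    def keep(name, load):  # load() is only called for matching names
        if ("/" + name).endswith(("/" + BACKDOOR_NAME, "/" + MODIFIED_NAME)):
            wanted[name] = load()
    if os.path.isdir(path):
        for p in Path(path).rglob("*"):
            if p.is_file():
                keep(p.relative_to(path).as_posix(), p.read_bytes)
    elif zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as z:
            for info in z.infolist():  # directory entries end in "/" and never match
                keep(info.filename, lambda: z.read(info))
    elif tarfile.is_tarfile(path):
        with tarfile.open(path) as t:
            for m in t:
                if m.isfile():
                    keep(m.name, lambda: t.extractfile(m).read())
    else:
        raise ValueError("not a directory, zip or tar archive: %s" % path)
    return wanted

def check_distribution(path, trusted_js_sha256=None):
    """Flag a copy that contains server_sync.php or whose JS file differs from a trusted hash."""
    found = read_members(path)
    backdoor = sorted(n for n in found if n.rsplit("/", 1)[-1] == BACKDOOR_NAME)
    js = {n: hashlib.sha256(b).hexdigest() for n, b in found.items() if n not in backdoor}
    mismatch = sorted(n for n, h in js.items() if trusted_js_sha256 and h != trusted_js_sha256.lower())
    return {"backdoor_files": backdoor, "js_sha256": js, "js_mismatch": mismatch,
            "suspect": bool(backdoor or mismatch)}

def build_sample(path, tampered):
    """Write a constructed zip with placeholder contents (not real phpMyAdmin files)."""
    with zipfile.ZipFile(path, "w") as z:
        z.writestr("phpMyAdmin-sample/" + MODIFIED_NAME, "// changed\n" if tampered else "// original\n")
        if tampered:
            z.writestr("phpMyAdmin-sample/" + BACKDOOR_NAME, "<?php // placeholder\n")

if __name__ == "__main__":  # usage: check.py [dir-or-archive [trusted-js-sha256]]
    with tempfile.TemporaryDirectory() as d:
        build_sample(os.path.join(d, "sample.zip"), tampered=True)
        args = sys.argv[1:3] or [os.path.join(d, "sample.zip")]
        print(check_distribution(*args))
```

Run it against both the archive you downloaded and the directory deployed on the web server, since the installed copy is what an attacker can reach.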


Thanks to Tencent Security Response Center for letting us know about this issue. You can also find additional details in the SourceForge blog.

Assigned CVE ids: CVE-2012-5159

CWE ids: CWE-661 CWE-95

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is