One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor.
One of the SourceForge.net mirrors, namely
cdnetworks-kr-1, was being used to
distribute a modified archive of phpMyAdmin, which includes a backdoor. This
backdoor is located in file
server_sync.php and allows an attacker to remotely execute PHP code. Another file,
has also been modified.
We consider this vulnerability to be critical.
We currently know only about <code>phpMyAdmin-126.96.36.199-all-languages.zip</code> being affected, check if your download contains a file named <code>server_sync.php</code>.
Check your phpMyAdmin distribution and download it again from a trusted mirror if your copy contains a file named <code>server_sync.php</code>.
Assigned CVE ids: CVE-2012-5159
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.