PhpMyAdminPHPMYADMIN:PMASA-2012-5One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor.
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
98.9%
PMASA-2012-5
Announcement-ID: PMASA-2012-5
Date: 2012-09-25
Updated: 2012-09-26
Summary
One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor.
Description
One of the SourceForge.net mirrors, namely cdnetworks-kr-1, was being used to distribute a modified archive of phpMyAdmin, which includes a backdoor. This backdoor is located in file server_sync.php and allows an attacker to remotely execute PHP code. Another file, js/cross_framing_protection.js, has also been modified.
Severity
We consider this vulnerability to be critical.
Affected Versions
We currently know only about <code>phpMyAdmin-3.5.2.2-all-languages.zip</code> being affected, check if your download contains a file named <code>server_sync.php</code>.
Solution
Check your phpMyAdmin distribution and download it again from a trusted mirror if your copy contains a file named <code>server_sync.php</code>.
References
Thanks to Tencent Security Response Center for letting us know about this issue. You can also find additional details in SourceForge blog.
Assigned CVE ids: CVE-2012-5159
More information
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
98.9%