In the latest version of phpMyAdmin is on SourceForge.net found backdoor.
PhpMyAdmin on the site published a report that the latest version of SQL-client phpMyAdmin, distributed resource SourceForge.net, contains backdoor.
Until recently, the mirror cdnetworks-kr-1 at SourceForge.net distribute modified versions of the client, the file contains a backdoor server_sync.php, as well as changes to the file js / cross_framing_protection.js. Discovered backdoor allows an attacker to remotely execute arbitrary PHP code.
At the time of publication of news producer knew only that a compromised version of phpMyAdmin-3.5.2.2-all-languages.zip.
To check whether your version of phpMyAdmin backdoor, check the application for the file server_sync.php. If you are using a compromised version, the manufacturer recommends that you delete it and re-download from a trusted repository.
It is currently unknown when the malicious file was added to the distribution, and how many users had to download it and install it.
Manufacturer thanks for backdoor detection Tencent Security Response Center. A detailed description of the vulnerability can be found here
