Backdoor in phpMyAdmin

Posted: September 25, 2012 in Vulnerability News
Tags: , ,

phpMyAdminIn the latest version of phpMyAdmin is on found backdoor.

PhpMyAdmin on the site published a report that the latest version of SQL-client phpMyAdmin, distributed resource, contains backdoor.

Until recently, the mirror cdnetworks-kr-1 at distribute modified versions of the client, the file contains a backdoor server_sync.php, as well as changes to the file js / cross_framing_protection.js. Discovered backdoor allows an attacker to remotely execute arbitrary PHP code.

At the time of publication of news producer knew only that a compromised version of

To check whether your version of phpMyAdmin backdoor, check the application for the file server_sync.php. If you are using a compromised version, the manufacturer recommends that you delete it and re-download from a trusted repository.

It is currently unknown when the malicious file was added to the distribution, and how many users had to download it and install it.

Manufacturer thanks for backdoor detection Tencent Security Response Center. A detailed description of the vulnerability can be found here

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s