Backdoor in phpMyAdmin
Severity Rating: Critical
Number of vulnerabilities: 1
Impact: System Compromise
Affected products: phpMyAdmin 3.x
Affected versions: phpMyAdmin 18.104.22.168
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability is caused due to the presence of a backdoor in the source code phpMyAdmin-22.214.171.124-all-languages.zip (file server_sync.php), accessible through the mirror “cdnetworks-kr-1” SourceForge. A remote user can execute arbitrary PHP code on the target system.
Manufacturer URL: www.phpmyadmin.net
Solution: Install the latest version from the manufacturer.