Backdoor in phpMyAdmin
Severity Rating: Critical
Number of vulnerabilities: 1
Impact: System Compromise
Affected products: phpMyAdmin 3.x
Affected versions: phpMyAdmin 3.5.2.2
Description:
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability is caused due to the presence of a backdoor in the source code phpMyAdmin-3.5.2.2-all-languages.zip (file server_sync.php), accessible through the mirror “cdnetworks-kr-1” SourceForge. A remote user can execute arbitrary PHP code on the target system.
Manufacturer URL: www.phpmyadmin.net
Solution: Install the latest version from the manufacturer.
links:
http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php