Vulnerability – Backdoor in phpMyAdmin

Posted: September 25, 2012 in Vulnerabilities
Tags: , ,

phpMyAdminBackdoor in phpMyAdmin

Severity Rating: Critical
Number of vulnerabilities: 1
Impact: System Compromise
Affected products: phpMyAdmin 3.x
Affected versions: phpMyAdmin 3.5.2.2

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability is caused due to the presence of a backdoor in the source code phpMyAdmin-3.5.2.2-all-languages.zip (file server_sync.php), accessible through the mirror “cdnetworks-kr-1” SourceForge. A remote user can execute arbitrary PHP code on the target system.

Manufacturer URL: www.phpmyadmin.net

Solution: Install the latest version from the manufacturer.

links:

http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s