phpMyAdmin Compromised Source Package Backdoor Vulnerability

Last Update Date: 26 Sep 2012 11:51
Release Date: 26 Sep 2012

RISK: High Risk

TYPE: Servers - Database Servers

A vulnerability has been identified in phpMyAdmin, which can be exploited by malicious people to compromise a vulnerable system.

One of the SourceForge.net mirrors, namely cdnetworks-kr-1, was being used to distribute a modified archive of phpMyAdmin that includes a backdoor. The backdoor is located in the file server_sync.php and allows an attacker to remotely execute PHP code. Another file, js/cross_framing_protection.js, has also been modified.


Impact

  • Remote Code Execution

System / Technologies affected

  • phpMyAdmin 3.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Check your phpMyAdmin distribution and download it again from a trusted mirror if your copy contains a file named server_sync.php.
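
One way to carry out this check, as an added example that is not part of the original advisory: the script compares an installed phpMyAdmin tree with a copy unpacked from a trusted mirror and reports the two indicators named above. The function names and the sample trees are hypothetical and constructed for illustration; it also reports every other extra or changed file, which goes beyond the single file-name check in the text.

```python
import hashlib
import tempfile
from pathlib import Path

# Indicators named in the advisory.
BACKDOOR_FILE = "server_sync.php"
MODIFIED_FILE = "js/cross_framing_protection.js"


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hash_tree(root: Path) -> dict:
    """Map each regular file's relative path to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file() and not p.is_symlink()}


def audit(installed: Path, trusted: Path) -> dict:
    """Compare an installed tree with one unpacked from a trusted mirror."""
    have, want = hash_tree(installed), hash_tree(trusted)
    return {
        # The advisory's indicator: any file with this name in the copy.
        "backdoor_present": any(Path(f).name == BACKDOOR_FILE for f in have),
        "extra": sorted(set(have) - set(want)),
        "changed": sorted(f for f in have.keys() & want.keys() if have[f] != want[f]),
        "modified_js": MODIFIED_FILE in want and have.get(MODIFIED_FILE) != want[MODIFIED_FILE],
    }


def build_sample(root: Path, tampered: bool) -> Path:
    """Constructed placeholder tree; file contents are not real phpMyAdmin code."""
    (root / "js").mkdir(parents=True)
    (root / "index.php").write_text("<?php // placeholder\n")
    (root / MODIFIED_FILE).write_text("// altered\n" if tampered else "// original\n")
    if tampered:
        (root / BACKDOOR_FILE).write_text("<?php // placeholder, unexpected file\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        clean = build_sample(Path(tmp) / "trusted", tampered=False)
        suspect = build_sample(Path(tmp) / "installed", tampered=True)
        print(audit(suspect, clean))
```

On a real installation, locally created files such as config.inc.php will also appear under `extra`; review that list rather than treating every entry as tampering.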

Vulnerability Identifier


Source


Related Link