Description

One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor. One of the SourceForge.net mirrors, namely cdnetworks-kr-1, was being used to distribute a modified archive of phpMyAdmin, which includes a backdoor. This backdoor is located in file server_sync.php and allows an attacker to remotely execute PHP code. Another file, js/cross_framing_protection.js, has also been modified. We currently know only about phpMyAdmin-3.5.2.2-all-languages.zip being affected, check if your download contains a file named server_sync.php.

Remediation

Check your phpMyAdmin distribution and download it again from a trusted mirror if your copy contains a file named server_sync.php.

References

PMASA-2012-5

Related Vulnerabilities

WordPress Plugin Coming Soon Possible Remote Code Execution (1.1.3)

HipChat for JIRA plugin - Velocity template injection

Oracle Weblogic Async Component Deserialization RCE CVE-2019-2725

Apache mod_rewrite off-by-one buffer overflow vulnerability

WordPress Plugin Catch Themes Demo Import Remote Code Execution (2.1)

Severity

High

Classification

CVE-2012-5159 CWE-95 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution