phpMyAdmin has issued a warning that one of the sourceforge.net mirrors was being used to distribute a modified archive of phpMyAdmin, which contains a backdoor.
According to the report, the developers have been notified by the Tencent Security Response Center that the distribution contains a malicious file.
The affected mirror, namely cdnetworks-kr-1, contains the modified version. In this archive, the backdoor is located in the file server_sync.php, which allows an attacker to remotely execute PHP code.
Apparently, this isn’t the only modified file. Another file, js/cross_framing_protection.js, has also been modified.
According to the development team, only phpMyAdmin-3.5.2.2-all-languages.zip is affected. Users are advised to check whether their download contains a file named "server_sync.php".
If your copy contains the backdoor file, then you are advised to download the entire distribution again from a trusted mirror.
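The check described above can be scripted. The following is an added example, not code from phpMyAdmin or the advisory: it looks for server_sync.php and also compares the download against a second copy from a trusted mirror, which is what catches a file that was altered rather than added, such as js/cross_framing_protection.js. The function names and the two in-memory sample archives are constructed for illustration.

```python
import hashlib
import io
import zipfile

BACKDOOR_NAME = "server_sync.php"  # file named in the advisory


def digests(zip_bytes):
    """Map each file path in the archive to the SHA-256 of its contents.
    Entries are read in memory only; nothing from the suspect zip is extracted."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                out[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return out


def audit(suspect_zip, trusted_zip):
    """Compare a downloaded archive with a copy from a trusted mirror."""
    suspect, trusted = digests(suspect_zip), digests(trusted_zip)
    return {
        "backdoor_file": sorted(p for p in suspect
                                if p.rsplit("/", 1)[-1].lower() == BACKDOOR_NAME),
        "added": sorted(set(suspect) - set(trusted)),
        "modified": sorted(p for p in suspect.keys() & trusted.keys()
                           if suspect[p] != trusted[p]),
    }


def make_zip(files):
    """Build a small in-memory zip (constructed sample, not real phpMyAdmin files)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, data in files.items():
            zf.writestr(path, data)
    return buf.getvalue()


# Constructed sample archives; the layout and contents are placeholders.
ROOT = "phpMyAdmin-3.5.2.2-all-languages/"
TRUSTED = make_zip({ROOT + "index.php": "<?php /* placeholder */",
                    ROOT + "js/cross_framing_protection.js": "/* original placeholder */"})
SUSPECT = make_zip({ROOT + "index.php": "<?php /* placeholder */",
                    ROOT + "js/cross_framing_protection.js": "/* altered placeholder */",
                    ROOT + "server_sync.php": "<?php /* placeholder, no payload */"})

if __name__ == "__main__":
    for finding, paths in audit(SUSPECT, TRUSTED).items():
        print(finding, paths)
```

To use it on real files, pass the bytes of the downloaded zip and of a copy fetched from a trusted mirror to `audit()`; any non-empty list is a reason to discard the download.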