Possibly compromised version of phpMyAdmin has been distributed from SourceForge mirrors

If you are running phpMyAdmin and have recently performed an update, you might have a compromised version. In short, any version that was downloaded from the SourceForge mirror site cdnetworks-kr-1 and contains the file server_sync.php probably contains a backdoor. As this vulnerability is classified as EXTREMELY CRITICAL, I would suggest you verify that no such file exists in your installed version.



Check your phpMyAdmin distribution and download it again from a trusted mirror if your copy contains a file named server_sync.php.
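One way to run that check on both an installed tree and a downloaded package before it is unpacked. This is an added example, not code from phpMyAdmin or the advisory; the function names are hypothetical, the paths you pass in are your own, and GNU `sha256sum`, `tar` and (for zip files) `unzip` are assumed to be installed.

```shell
#!/bin/sh
# Added example: look for the server_sync.php indicator named in the advisory.

# scan_tree DIR [DIR...]: search installed trees for the indicator file.
# Prints "sha256  path" per hit. Returns 1 if found, 0 if clean, 2 on usage error.
scan_tree() {
    [ "$#" -ge 1 ] || { echo "usage: scan_tree DIR [DIR...]" >&2; return 2; }
    found=$(
        for root in "$@"; do
            if [ ! -d "$root" ]; then
                echo "skip: $root is not a directory" >&2
                continue
            fi
            # Hash each hit so the file can be recorded before it is removed.
            find "$root" -type f -name 'server_sync.php' -exec sha256sum {} +
        done
    )
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# scan_archive FILE: list a downloaded package without unpacking it.
# Prints matching member names. Returns 1 if found, 0 if clean, 2 if unreadable.
scan_archive() {
    case "$1" in
        *.zip) listing=$(unzip -Z1 "$1") || return 2 ;;
        *)     listing=$(tar -tf "$1") || return 2 ;;
    esac
    # Match the indicator only as the final path component of a member name.
    matches=$(printf '%s\n' "$listing" | grep -E '(^|/)server_sync\.php$') || return 0
    printf '%s\n' "$matches"
    return 1
}
```

A non-zero return from either function means the copy should be replaced from a trusted mirror, as described above; keep the printed hash with your incident notes.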


Secunia Advisory SA50703

phpMyAdmin Compromised Source Package Backdoor Security Issue

Release Date: 2012-09-25

Criticality level: Extremely critical


A security issue has been reported in phpMyAdmin, which can be exploited by malicious people to compromise a vulnerable system.


The security issue is caused due to the distribution of a compromised phpMyAdmin source code package containing a backdoor, which can be exploited to e.g. execute arbitrary PHP code.


The compromised source file was distributed via the “cdnetworks-kr-1” SourceForge mirror with the phpMyAdmin- download.



Download and reinstall phpMyAdmin.

Provided and/or discovered by

The vendor credits Tencent Security Response Center.


Original Advisory




