phpMyAdmin distributed with backdoor
Unknown attackers have managed to distribute a modified version of the open source phpMyAdmin database management tool that contained a backdoor via an official SourceForge download server. The backdoor was located in the phpMyAdmin-184.108.40.206-all-languages.zip installation archive, which was available on the Korean cdnetworks-kr-1 server from around 22 September.
The manipulated archive contains a "server_sync.php" script that enables attackers to inject arbitrary PHP commands into a server. Those who have recently downloaded phpMyAdmin should, therefore, check whether this file is included in their ZIP archive. According to the developers' advisory, the unknown attackers also modified the js/cross_framing_protection.js file, although the advisory doesn't mention any potential consequences.
SourceForge says that it has counted around 400 downloads of the modified file. The open source hosting service is the official download source for phpMyAdmin and, when trying to download the tool, a SourceForge mirror will automatically be suggested. The hosting service has disabled the affected mirror server for the time being.