A phpMyAdmin kit on the SourceForge.net mirror system contains a backdoor that allows remote attackers to execute arbitrary PHP code.
Tencent Security Response Center notified the developers that the distribution contains a malicious file.
The affected mirror is cdnetworks-kr-1, with the backdoor located in the server_sync.php file.
Apparently, this isn’t the only corrupt file. The phpMyAdmin development team said a second file, js/cross_framing_protection.js, was also modified. The vulnerability is critical.
Users who downloaded phpMyAdmin-220.127.116.11-all-languages.zip from the SourceForge.net mirror should check whether the download contains the server_sync.php file.
If the file is present, users should download the entire distribution again from a trusted mirror.
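
The check described above can be scripted. The following is an added example, not code from the phpMyAdmin team: it looks for server_sync.php in a downloaded archive and, when a copy from a trusted mirror is supplied, lists every file whose content differs (which would surface a changed js/cross_framing_protection.js). It assumes the kit unpacks into a single top-level directory; the function names and the sample archives are constructed for illustration.

```python
import hashlib
import io
import zipfile

BACKDOOR_NAME = "server_sync.php"  # file named in the advisory


def file_digests(archive):
    """Map path (minus the top-level release directory) -> SHA-256."""
    digests = {}
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Assumption: the kit unpacks into one top-level directory.
            rel = info.filename.split("/", 1)[-1]
            digests[rel] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def audit(suspect, trusted=None):
    """Return (finding, path) tuples for a downloaded archive."""
    sus = file_digests(suspect)
    findings = [("backdoor-file-present", p) for p in sorted(sus)
                if p.rsplit("/", 1)[-1].lower() == BACKDOOR_NAME]
    if trusted is not None:
        ref = file_digests(trusted)
        for path in sorted(set(sus) | set(ref)):
            if path not in ref:
                findings.append(("not-in-trusted-copy", path))
            elif path not in sus:
                findings.append(("missing-from-download", path))
            elif sus[path] != ref[path]:
                findings.append(("content-differs", path))
    return findings


def make_zip(files):
    """Build an in-memory zip from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    good = {"kit/index.php": b"<?php // index", "kit/js/cross_framing_protection.js": b"// original"}
    bad = dict(good, **{"kit/server_sync.php": b"<?php // placeholder", "kit/js/cross_framing_protection.js": b"// changed"})
    for finding in audit(make_zip(bad), make_zip(good)):
        print(*finding)
```

`audit()` also accepts file paths, so it can be pointed at the downloaded zip and a fresh download from a trusted mirror.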