- One server in the SourceForge.net mirror system, cdnetworks-kr-1, was being used to distribute a modified phpMyAdmin archive that includes a backdoor. The backdoor is located in the file server_sync.php and allows an attacker to remotely execute PHP code. Another file, js/cross_framing_protection.js, has also been modified. We currently know only about phpMyAdmin-220.127.116.11-all-languages.zip being affected. Check whether your download contains a file named server_sync.php.
- Check your phpMyAdmin distribution and download it again from a trusted mirror if your copy contains a file named server_sync.php.
- WordPress Plugin wSecure Lite Remote Code Execution (2.3)
- Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.0)
- WordPress Plugin NextGEN Gallery-WordPress Gallery Remote Code Execution (2.1.59)
- WordPress Plugin is_human() 'type' Parameter Remote Command Injection (1.4.2)
- HTTP.sys remote code execution vulnerability
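
The phpMyAdmin archive check described above can be scripted. This is an added example, not code from the advisory or from phpMyAdmin: it looks for server_sync.php inside a downloaded zip and, when a second copy from a trusted mirror is supplied, compares the SHA-256 of js/cross_framing_protection.js between the two. The function names and the sample archives are assumptions constructed for the demonstration.

```python
import hashlib
import io
import zipfile

BACKDOOR_NAME = "server_sync.php"                 # file named in the advisory
MODIFIED_NAME = "js/cross_framing_protection.js"  # second modified file named in the advisory


def find_members(zf, suffix):
    """Members whose path is `suffix` or ends with '/' + suffix (case-insensitive)."""
    s = suffix.lower()
    return [n for n in zf.namelist()
            if n.lower() == s or n.lower().endswith("/" + s)]


def sha256_of(zf, name):
    return hashlib.sha256(zf.read(name)).hexdigest()


def inspect_archive(suspect, trusted=None):
    """Check a phpMyAdmin zip (path or file object) for the advisory's indicators.

    backdoor:    members named server_sync.php, at any depth
    js_mismatch: True/False if a trusted archive is given, otherwise None
    """
    with zipfile.ZipFile(suspect) as zf:
        backdoor = find_members(zf, BACKDOOR_NAME)
        js = {sha256_of(zf, n) for n in find_members(zf, MODIFIED_NAME)}
    js_mismatch = None
    if trusted is not None:
        with zipfile.ZipFile(trusted) as tz:
            good = {sha256_of(tz, n) for n in find_members(tz, MODIFIED_NAME)}
        js_mismatch = js != good
    return {"backdoor": backdoor, "js_mismatch": js_mismatch}


def make_zip(files):
    """Build an in-memory zip from {name: bytes}; constructed sample data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    top = "phpMyAdmin-sample/"  # constructed top-level directory name
    clean = {top + "index.php": b"<?php // index", top + MODIFIED_NAME: b"// original"}
    tampered = dict(clean, **{top + BACKDOOR_NAME: b"<?php // placeholder",
                              top + MODIFIED_NAME: b"// altered"})
    print(inspect_archive(make_zip(tampered), make_zip(clean)))
```

A clean result covers only the two files the advisory names; downloading again from a trusted mirror remains the remediation.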