Description
One of the SourceForge.net mirrors, namely cdnetworks-kr-1, was being used to distribute a modified archive of phpMyAdmin that includes a backdoor. The backdoor is located in the file server_sync.php and allows an attacker to remotely execute PHP code. Another file, js/cross_framing_protection.js, has also been modified. We currently know only about phpMyAdmin-3.5.2.2-all-languages.zip being affected. Check whether your download contains a file named server_sync.php.
Remediation
Check your phpMyAdmin distribution and download it again from a trusted mirror if your copy contains a file named server_sync.php.
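The check can cover both indicators named in the description (the extra server_sync.php and the changed js/cross_framing_protection.js) by comparing the downloaded archive against a copy fetched from a trusted mirror. This is an added example, not code from phpMyAdmin or from this advisory; the function names, the assumed single top-level folder, and the in-memory sample archives are constructed for illustration.

```python
import hashlib
import io
import zipfile

BACKDOOR_NAME = "server_sync.php"  # file name given in the advisory
TOP = "phpMyAdmin-3.5.2.2-all-languages/"  # top-level folder (assumed layout)


def digests(archive):
    """Map each file path, top-level folder stripped, to its SHA-256."""
    out = {}
    with zipfile.ZipFile(archive) as zf:  # accepts a path or a file object
        for info in zf.infolist():
            if not info.is_dir():
                rel = info.filename.split("/", 1)[-1]
                out[rel] = hashlib.sha256(zf.read(info)).hexdigest()
    return out


def audit(suspect, trusted):
    """Compare a suspect archive with one from a trusted mirror."""
    s, t = digests(suspect), digests(trusted)
    return {
        "backdoor_file": sorted(p for p in s if p.split("/")[-1] == BACKDOOR_NAME),
        "extra": sorted(set(s) - set(t)),
        "modified": sorted(p for p in set(s) & set(t) if s[p] != t[p]),
    }


def sample_archives():
    """Build constructed (suspect, trusted) archives in memory; no real payload."""
    clean = {"index.php": b"<?php // placeholder\n",
             "js/cross_framing_protection.js": b"// placeholder A\n"}
    tampered = dict(clean)
    tampered["js/cross_framing_protection.js"] = b"// placeholder B\n"
    tampered[BACKDOOR_NAME] = b"<?php // placeholder, no payload\n"
    built = []
    for files in (tampered, clean):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for name, data in files.items():
                zf.writestr(TOP + name, data)
        built.append(buf)
    return built[0], built[1]


if __name__ == "__main__":
    for key, paths in audit(*sample_archives()).items():
        print(key, paths)
```

For a real check, pass the two archive paths to `audit()`; any non-empty list in the result means the download should be discarded and fetched again from a trusted mirror.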