Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request - phpMyAdmin: PMASA-2012-5 incident
From: Marcus Meissner <meissner () suse de>
Date: Tue, 25 Sep 2012 17:07:07 +0200

On Tue, Sep 25, 2012 at 10:52:20AM -0400, Jan Lieskovsky wrote:
Hello Kurt, Steve, vendors,

  based on:
  [1] http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php
  [2] http://secunia.com/advisories/50703/

looks (more from [1]): "One server from the SourceForge.net mirror
system was distributing a phpMyAdmin kit containing a backdoor,
allowing remotely to execute arbitrary PHP code."

Could you allocate a CVE id for this? (I think it's appropriate)

FWIW, it is possible that this mirror has distributed more backdoored
software and not just phpMyAdmin.

Ciao, Marcus


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]