# phpmyadmin - backdoor

## Joseph_sys

Do we have a back-door in our phpmyadmin-3.5.2.2 (this is our current stable version)?

Though I don't have a file called server_sync.php on my system.

Here is the article about it:

http://arstechnica.com/security/2012/09/questions-abound-as-malicious-phpmyadmin-backdoor-found-on-sourceforge-site/

----------

## khayyam

Joseph_sys ...

unlikely as it would require that the developer obtained the source from this one particular effected mirror prior to creating the manifest and comiting, and even if this would happen those users getting the source from an uneffected mirror would recieve an error as the manifest would be incorrect ("filesize does not match recorded size").

best ... khay

----------

