Malicious PhpMyAdmin Served From SourceForge Mirror

An anonymous reader writes with a bit of news about the compromised download of phpMyAdmin discovered on an sf.net mirror yesterday: "A malicious version of the open source Web-based MySQL database administration tool phpMyAdmin has been discovered on one of the official mirror sites of SourceForge, the popular online code repository for free and open source software. The file — phpMyAdmin-3.5.2.2-all-languages.zip — was modified to include a backdoor that allowed attackers to remotely execute PHP code on the server running the malicious version of phpMyAdmin." The Sourceforge weblog has details. Someone compromised a mirror (since removed from rotation of course) around September 22nd. Luckily, only around 400 people grabbed the file before someone caught it.

What's the problem?

[Anonymous Coward]

It's open source so I'm sure all the users did a code review and found the problem. This is why open source is more secure and less buggy than closed source software.

"weblog"?

[i kan reed]

Is this 1998? Was the malicious file found on the world wide web?

Re:Truly! I am shocked!

[X0563511]

I don't have any frenids either.

What's a frenid again?

Re:Duh.

[Zenin]

Anyone who understands how security works would consider php's very existence on a server to be a security hole.

There, I fixed it for you. You're welcome.