← Supply-Chain Attack Compendium

phpmyadmin

Incident Summary

phpMyAdmin SourceForge mirror distributes JavaScript malware (2009)

Downloads of phpMyAdmin obtained from certain compromised SourceForge mirrors contained injected malicious JavaScript code within legitimate files (like js/cross_framing_protection.js). When an administrator used the compromised phpMyAdmin installation, this JavaScript executed in their browser, potentially redirecting them or loading external malicious content. This was separate from a later backdoor incident in 2012.

Date
2008-12-01 to 2009-01-21
Category
Open Source
Target Surface
Distribution
Insertion Phase
distribution
Impact
Unauthorized System Modification
Cause
Compromised Infrastructure

What Was Affected

Package phpmyadmin
LanguageJavascript
ComponentApplication
Artifact typesource archive
Domain typepackage host

Compromised Versions

  • 3.1.1

Incident Context

Motive
Financial Gain
Attribution
Cybercriminal Gang
Transitive
No
Observed Duration
51 days

Evidence

Compromised Artifacts

Current Artifacts and Analysis

Indicators and Changes

Hashes

  • md5:9537f4c5f9b959d24aad55ea0e4d9ebb

Source Data

Source record: oss/phpmyadmin/2009/meta.yaml