CVE-2012-5159

phpMyAdmin 3.5.2.2 - Remote Code Execution via Trojaned server_sync.php

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-5159. PoCs were published by Metasploit and hdm, including the Metasploit module exploits/multi/http/phpmyadmin_3522_backdoor.

AI-analyzed exploit summary: This Metasploit module exploits a backdoor in phpMyAdmin 3.5.2.2 via the server_sync.php file, which was compromised through a SourceForge mirror. It sends a hex-encoded payload via POST request to execute arbitrary PHP code.

Description

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby, webapps, php
https://www.exploit-db.com/exploits/21834

This Metasploit module exploits a backdoor in phpMyAdmin 3.5.2.2 via the server_sync.php file, which was compromised through a SourceForge mirror. It sends a hex-encoded payload via POST request to execute arbitrary PHP code.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: phpMyAdmin 3.5.2.2
No auth needed
Prerequisites: Access to the compromised phpMyAdmin instance
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
by hdm · ruby, poc, php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/phpmyadmin_3522_backdoor.rb

This Metasploit module exploits a backdoor in phpMyAdmin 3.5.2.2 via the server_sync.php file, allowing arbitrary code execution through a compromised SourceForge mirror. The exploit sends a hex-encoded payload via POST request to trigger remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: phpMyAdmin 3.5.2.2
No auth needed
Prerequisites: Access to the compromised phpMyAdmin instance
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/55672
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2012/q3/562

Scores

EPSS 0.7451
EPSS Percentile 99.4%

Details

CWE: CWE-94
Status: published
Products (1): phpmyadmin/phpmyadmin 3.5.2.2
Published: Sep 25, 2012
Tracked Since: Feb 18, 2026