On September 25th, SourceForge became aware of a corrupted copy of phpMyAdmin being served from the ‘cdnetworks-kr-1′ mirror in Korea. This mirror was immediately removed from rotation.
The mirror provider has confirmed the attack vector has been identified and is limited to their mirror; with exploit having occurred on or around September 22nd.
This corrupted copy of phpMyAdmin included a backdoor which permitted execution of arbitrary commands by the web server user. The notice from phpMyAdmin may be seen at: