Is this file suspicious?

[Lagman]

Hi there,

We have turned on website monitoring and getting this alert: A suspicious file has been found on your system disk. It would be best for you first to confirm that the file meets the legal regulations and proceed.

 

The company that designed and set up the website doesn't exist any more. It looks like a PHP code. I am not sure what it does. Is it safe to leave the file on the website or remote it?

The content of the file is as follows:

 

<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 *
 * @package PhpMyAdmin
 */

/**
 * Gets some core libraries
 */
require_once 'libraries/common.inc.php';
require 'libraries/StorageEngine.class.php';

/**
 * Validate vulnerable POST parameters
 */
if (! PMA_isValid($_POST['pdf_page_number'], 'numeric')) {
    die('Attack stopped');
}

/**
 * get all variables needed for exporting relational schema
 * in $cfgRelation
 */
$cfgRelation = PMA_getRelationsParam();

require_once 'libraries/transformations.lib.php';
require_once 'libraries/Index.class.php';
require_once 'libraries/schema/Export_Relation_Schema.class.php';

/**
 * get all the export options and verify
 * call and include the appropriate Schema Class depending on $export_type
 * default is PDF
 */

$post_params = array(
    'all_tables_same_width',
    'chpage',
    'db',
    'do',
    'export_type',
    'orientation',
    'paper',
    'names',
    'pdf_page_number',
    'show_color',
    'show_grid',
    'show_keys',
    'show_table_dimension',
    'with_doc'
);
foreach ($post_params as $one_post_param) {
    if (isset($_POST[$one_post_param])) {
        $GLOBALS[$one_post_param] = $_POST[$one_post_param];
    }
}

if (! isset($export_type) || ! preg_match('/^[a-zA-Z]+$/', $export_type)) {
    $export_type = 'pdf';
}
PMA_DBI_select_db($db);

$path = PMA_securePath(ucfirst($export_type));
if (!file_exists('libraries/schema/' . $path . '_Relation_Schema.class.php')) {
    PMA_Export_Relation_Schema::dieSchema(
        $_POST['chpage'],
        $export_type,
        __('File doesn\'t exist')
    );
}
require "libraries/schema/".$path.'_Relation_Schema.class.php';

$obj_schema = eval("new PMA_".$path."_Relation_Schema();");
 

Edited August 22, 2023 by requinix
title

[requinix]

There's no way we can tell you whether this file meets "legal regulations" and, since we don't know anything about you, all we can do to judge whether the file is safe is to venture guesses.

It appears to be a valid file, even if it does some risky things - the scanner may have noticed the "eval" at the bottom, which allows executing arbitrary code - and follows some outdated and discouraged practices, and it does not appear to be malicious.

You should confirm that the file hasn't been modified recently: something like this should not have received any recent modifications, and likely would be dated to the same time frame as many other files on the site.

[requinix]

2 minutes ago, requinix said:

the scanner may have noticed the "eval" at the bottom, which allows executing arbitrary code

If the scanner cannot be told to ignore this warning, there is a minor modification you can make to the code that I suspect will "resolve" it...

[Lagman]

I appreciate the prompt reply. This file date has not changed. It's the same as all the other files in the folder.