As the title says, heise Security have found a backdoor in the Artmedic CMS system. The interesting question is how this backdoor was implanted - giving the benefit of the doubt it's possible that the development server was compromised and the code injected (the changes date back to the 2nd of May), but on the other hand the developer's not to heise's emails could be indicative of something more sinister.