Security Flaws Found in Popular Open Source Projects

RESTON, Va. – Security holes in two popular open source projects could put users at risk of cross-site scripting attacks and information theft, researchers warned.

The phpMyAdmin Project has confirmed that vulnerabilities in its application can be exploited to conduct cross-site scripting attacks and disclose sensitive information. First identified by research firm Secunia, the flaws could lead to arbitrary program execution if PHP safe mode is off and external transformations are activated.

Written in PHP, phpMyAdmin is a popular application for managing MySQL databases over the Internet. It is used by programmers to create and drop databases as well as to execute SQL statement and manage keys on fields. The phpMyAdmin Project recommends that users upgrade to the latest version of the application to avoid malicious hacking attacks.

Meanwhile, iDefense Inc. has issued an alert concerning vulnerabilities in phpBB Group’s web forum software that could allow attackers to read the contents of arbitrary system files under the privileges of the underlying web server. The problem was created by an input validation error that allows a remote attacker to control the arguments in a call to copy, thereby uncovering the full path to system files.

phpBB is a scalable, customizable open source bulletin board package that supports popular database servers and unlimited forums and posts.

“An attacker must have, or be able to create an account on the target system,” iDefense warned. "Non-default settings must also be enabled for exploitation to be possible. Upon successful exploitation an attacker may be able to further compromise the system by gleaning system information that would otherwise be inaccessible without authorization."

In response, the phpBB Group has released an updated version of the software that fixes the vulnerabilities.

A group of international PHP experts, including one of the founders of PHP enterprise platform developer Zend Technologies, have banded together and formed a new conglomerate aimed at promoting secure programming practices.

This latest round of security flaws comes just weeks after a group of PHP developers formed the PHP Security Consortium in response to high-profile flaws found in third-party applications, which the group said hurt the credibility of PHP and the growing PHP scripting community.

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Cherry Kiss, Derek Kage Cap AEBN's Top Stars for 4th Quarter of 2024

AEBN has revealed its most popular performers in gay and straight theaters for the fourth quarter of 2024.

A Golden Night in Hollywood: 2025 XMAs Shine on Adult Entertainment's Best

To paraphrase the unofficial U.S. Postal Service motto: Neither rain nor cold nor the chaos of natural disasters can stop members of the adult entertainment community from the completion of their appointed duty every January: to honor the artistic and commercial achievements of their peers.

What Changes in DC Could Mean for the Adult Industry

On November 5, 2024, American voters were called to the polls. The results of that election revealed an unquestionably uncomfortable truth for everyone, regardless of party or ideology: the “united” part of United States does not appear to be holding strong.

Byborg Acquires Gamma Entertainment

Luxembourg-based Byborg Enterprises SA has acquired 100% of Canadian adult conglomerate Gamma Entertainment.

Adult Creative Debuts 'Pornful' Website Management Platform

Web design and marketing firm Adult Creative has launched its new Pornful website management platform.

2025 XMA Winners Announced

Winners of the 2025 XMAs were revealed Sunday night during a ceremony hosted by Vanna Bardot and Ryan Reid at the world-famous Hollywood Palladium.

X3 Expo Day 2 Looks at the Industry's Past, and Ahead to Its Future

A gorgeous day in LA saw a massive procession making its way along Sunset Blvd., as hundreds of excited fans headed to the historic Hollywood Palladium for a rendezvous with the galaxy of A-list adult stars awaiting them on Day 2 of the 2025 X3 Expo.

X3 Expo Pops Off With All-Star Lineup

A wave of excited fans cascaded down Sunset Blvd., cresting and breaking with anticipation as they flowed into the historic Hollywood Palladium, where the A-list echelon of the adult world stood ready to greet them, pose with them, chat them up, and showcase the latest in spicy entertainment, as the 2025 X3 Expo popped off.

XBIZ Honors Uplifts Spirits Amid Challenging Times for LA and the Adult Industry

"A bunch of misfit toys." That’s how MojoHost founder Brad Mitchell described himself and his industry peers at the 2025 XBIZ Honors ceremony at Hollywood’s Kimpton Everly Hotel. Everyone cheered in agreement. Frankly, they wouldn’t have it any other way.

Kansas Sues Adult Website Operator Under AV Law

Kansas Attorney General Kris Kobach has filed suit against SARJ LLC, alleging that the company’s adult websites have failed to implement age verification as mandated by state law.

Show More