

Major PHP Security Flaws Patched

Dec 21, 2004 3:46 PM PST
CYBERSPACE — Several major security flaws in the PHP scripting language were successfully patched this week, plugging up holes that could have allowed attackers to gain control of a server that used the server-side language.

“All users of PHP are strongly encouraged to upgrade to one of these releases as soon as possible,” the PHP Group, a community of software developers who put out official releases of the scripting language, said on its website.

PHP: Hypertext Preprocessor, which allows web pages to generate dynamic content and interact with databases, is often used by bloggers and content management applications.

The new patched versions of PHP, 4.3.10 and 5.0.3, available on the PHP Group’s website, address a list of six bugs, including several serious security flaws, that was announced last week by the Hardened-PHP team.

Among the problems mentioned in the group’s list were two errors with the language’s variable unserializer that allowed attackers to execute arbitrary code and to craft strings that could pass execution to shellcode contained within the string itself.

“It is strongly recommended to upgrade to the new PHP releases as soon as possible,” said Hardened-PHP. “A lot of PHP applications expose the easy to exploit unserialize() vulnerability to remote attackers.”

Applications built using the scripting language and identified as vulnerable by the Hardened-PHP group include phpBB2, Invision Board, vBulletin, Woltlab Burning Board 2.x, Serendipity Weblog, phpAds and others.

Bulletin board software phpBB is also currently under attack by the Santy.a worm because of bugs contained within its code that effectively allow SQL injection exploits.

In addition to releasing the vulnerabilities to the PHP-using community, Hardened-PHP also offers its own security-hardened version of the language.

Patches for the PHP vulnerabilities are available here.
