

Major PHP Security Flaws Patched

Dec 21, 2004 3:46 PM PST
CYBERSPACE — Several major security flaws in the PHP scripting language were successfully patched this week, plugging up holes that could have allowed attackers to gain control of a server that used the server-side language.

“All users of PHP are strongly encouraged to upgrade to one of these releases as soon as possible,” the PHP Group, a community of software developers who put out official releases of the scripting language, said on its website.

PHP: Hypertext Preprocessor, which allows web pages to generate dynamic content and interact with databases, is often used by bloggers and content management applications.

The new patched versions of PHP, 4.3.10 and 5.0.3, available on the PHP Group’s website, address a list of six bugs, including several serious security flaws, that was announced last week by the Hardened-PHP team.

Among the problems mentioned in the group’s list were two errors with the language’s variable unserializer that allowed attackers to execute arbitrary code and to craft strings that could pass execution to shellcode contained within the string itself.

“It is strongly recommended to upgrade to the new PHP releases as soon as possible,” said Hardened-PHP. “A lot of PHP applications expose the easy to exploit unserialize() vulnerability to remote attackers.”

Applications built using the scripting language and identified as vulnerable by the Hardened-PHP group include phpBB2, Invision Board, vBulletin, Woltlab Burning Board 2.x, Serendipity Weblog, phpAds and others.

Bulletin board software phpBB is also currently under attack by the Santy.a worm because of bugs within its code that effectively allow SQL injection exploits.

In addition to disclosing the vulnerabilities to the PHP-using community, Hardened-PHP also offers its own security-hardened version of the language.

Patches for the PHP vulnerabilities are available here.
