Security Flaws Found in Popular Open Source Projects

RESTON, Va. – Security holes in two popular open source projects could put users at risk of cross-site scripting attacks and information theft, researchers warned.

The phpMyAdmin Project has confirmed that vulnerabilities in its application can be exploited to conduct cross-site scripting attacks and disclose sensitive information. First identified by research firm Secunia, the flaws could lead to arbitrary program execution if PHP safe mode is off and external transformations are activated.

Written in PHP, phpMyAdmin is a popular application for managing MySQL databases over the Internet. It is used by programmers to create and drop databases as well as to execute SQL statement and manage keys on fields. The phpMyAdmin Project recommends that users upgrade to the latest version of the application to avoid malicious hacking attacks.

Meanwhile, iDefense Inc. has issued an alert concerning vulnerabilities in phpBB Group’s web forum software that could allow attackers to read the contents of arbitrary system files under the privileges of the underlying web server. The problem was created by an input validation error that allows a remote attacker to control the arguments in a call to copy, thereby uncovering the full path to system files.

phpBB is a scalable, customizable open source bulletin board package that supports popular database servers and unlimited forums and posts.

“An attacker must have, or be able to create an account on the target system,” iDefense warned. "Non-default settings must also be enabled for exploitation to be possible. Upon successful exploitation an attacker may be able to further compromise the system by gleaning system information that would otherwise be inaccessible without authorization."

In response, the phpBB Group has released an updated version of the software that fixes the vulnerabilities.

A group of international PHP experts, including one of the founders of PHP enterprise platform developer Zend Technologies, have banded together and formed a new conglomerate aimed at promoting secure programming practices.

This latest round of security flaws comes just weeks after a group of PHP developers formed the PHP Security Consortium in response to high-profile flaws found in third-party applications, which the group said hurt the credibility of PHP and the growing PHP scripting community.

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Nebraska Legislature Passes Republican's Age Verification Bill With No Votes Against It

Nebraska’s unicameral legislature has passed the state’s version of the age verification bills being sponsored around the country by anti-porn religious conservative activists.

Performers in Meta Blacklisting Lawsuit Seek to Preserve Antitrust Claims

Adult Performance Artists Guild board officers Alana Evans, Kelly Pierce and Ruby have informed a California court that, although they want to drop their lawsuit claiming that Meta conspired with OnlyFans to blacklist rival premium fan platforms’ talent, they may still have antitrust claims that they may pursue in the future.

FSC, Co-Plaintiffs to Ask US Supreme Court to Review Constitutionality of Texas Age Verification Law

Free Speech Coalition (FSC) and its co-plaintiffs in the challenge to Texas’ controversial age verification law have filed a petition before the United States Court of Appeals for the 5th Circuit asking to stay its recent upholding the law because they intend to appeal to the U.S. Supreme Court to review the law’s constitutionality.

FSC Vows to Fight Florida Age Verification Law

Free Speech Coalition (FSC) issued a statement vowing to continue fighting Florida’s age verification law, which was signed by Gov. Ron DeSantis on Monday as part of a comprehensive bill targeting minors’ use of social media.

Kansas Republican Aims to Create New Bureaucracy to 'Investigate' Porn Websites

Republican state legislators succeeded Monday in moving forward Kansas’ version of the age verification bills being sponsored around the country by anti-porn religious conservative activists, despite serious concerns raised by House Democrats about the cost of establishing a new bureaucracy tasked with investigating websites for pornographic content.

SK Intertainment Launches 'Skinfluential Management' Agency, FansFuel Joint Venture

Mr. Skin/Mr. Man parent company SK Intertainment has launched new creator agency Skinfluential Management, as well as a new joint venture with Showbizz Media's creator stats and affiliate marketing platform, FansFuel.

Industry Attorney, Free Speech Champion Clyde DeWitt Passes Away at 75

Noted industry attorney Clyde DeWitt passed away on Friday in Las Vegas at 75, according to friends and colleagues.

APClips Names Avery Jane 'Creator of the Month'

APClips has named Avery Jane its Creator of the Month for March.

JustFor.fans Offers Gumroad Users Platform to Sell NSFW Artwork

JustFor.fans (JFF) is offering Gumroad users a platform to sell NSFW artwork after the latter banned adult content.

Live Cam Academy Offers Free Access to Educational Resources

Live Cam Academy is offering its educational resources for free to content creators and cam models.

Show More