xbiz world
xbiz premiere

Security Flaws Found in Popular Open Source Projects

RESTON, Va. – Security holes in two popular open source projects could put users at risk of cross-site scripting attacks and information theft, researchers warned.

The phpMyAdmin Project has confirmed that vulnerabilities in its application can be exploited to conduct cross-site scripting attacks and disclose sensitive information. First identified by research firm Secunia, the flaws could lead to arbitrary program execution if PHP safe mode is off and external transformations are activated.

Written in PHP, phpMyAdmin is a popular application for managing MySQL databases over the Internet. It is used by programmers to create and drop databases as well as to execute SQL statement and manage keys on fields. The phpMyAdmin Project recommends that users upgrade to the latest version of the application to avoid malicious hacking attacks.

Meanwhile, iDefense Inc. has issued an alert concerning vulnerabilities in phpBB Group’s web forum software that could allow attackers to read the contents of arbitrary system files under the privileges of the underlying web server. The problem was created by an input validation error that allows a remote attacker to control the arguments in a call to copy, thereby uncovering the full path to system files.

phpBB is a scalable, customizable open source bulletin board package that supports popular database servers and unlimited forums and posts.

“An attacker must have, or be able to create an account on the target system,” iDefense warned. "Non-default settings must also be enabled for exploitation to be possible. Upon successful exploitation an attacker may be able to further compromise the system by gleaning system information that would otherwise be inaccessible without authorization."

In response, the phpBB Group has released an updated version of the software that fixes the vulnerabilities.

A group of international PHP experts, including one of the founders of PHP enterprise platform developer Zend Technologies, have banded together and formed a new conglomerate aimed at promoting secure programming practices.

This latest round of security flaws comes just weeks after a group of PHP developers formed the PHP Security Consortium in response to high-profile flaws found in third-party applications, which the group said hurt the credibility of PHP and the growing PHP scripting community.

Copyright © 2026 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Brazil Invites Public Input on AV Guidelines

Brazil’s National Data Protection Authority (ANPD) on Friday launched a public consultation on developing guidelines for age verification mechanisms under the country’s Digital Statute for Children and Adolescents (Digital ECA), which requires adult websites to age-verify users located in Brazil.

Paysite Confidential: Inside the Creator Economy's Shift Toward Ownership

For years, the adult industry’s creator economy has been defined by platforms — powerful engines of discovery, monetization and scale that reshaped how performers connect with their audiences.

Senator Urges DOJ to Crack Down on 'Obscenity,' Attacks OnlyFans

U.S. Senator Jim Banks of Indiana this week urged Acting Attorney General Todd Blanche to reestablish the Department of Justice’s defunct Obscenity Prosecution Task Force in a letter that targets OnlyFans while repeatedly conflating “obscenity” with legal adult content.

UN Experts Urge US, Canada to Prosecute Aylo, Others for 'Exploitation'

GENEVA – The United Nations Office of the High Commissioner for Human Rights (OHCHR) has issued a press release in which two U.N. special rapporteurs, cited as experts, accuse Aylo and other companies of complicity in sexual exploitation.

Kickstarter Revokes New Rules Banning Fundraising for Adult Content, Products

Crowdfunding platform Kickstarter announced Tuesday that it has reversed its recent decision to impose new “Mature Content” rules banning projects that involve adult content and sextech.

Report: Irish Justice Minister Seeks UK-Style Ban on 'Extreme' Content

Ireland’s justice minister plans to introduce legislation criminalizing possession and distribution of “extreme” pornography, according to a report by the Irish Independent.

New Kickstarter Rules Ban Fundraising for Adult Content, Products

Crowdfunding platform Kickstarter has posted new “Mature Content” rules banning projects that involve adult content and sextech.

WebGroup Czech Republic Settles Florida AV Suit, Will Pay $1.2 Million

WebGroup Czech Republic (WGCZ), the parent company of XVideos, XNXX, BangBros and GirlsGoneWild, has settled a lawsuit filed by the state of Florida over those sites’ alleged failure to age-verify Florida users before allowing access to adult content.

AEBN Publishes Popular Searches for March, April

AEBN has published the top search terms for March and April from its straight and gay theaters in all 50 states and the District of Columbia.

Ofcom Investigates Two Sites Over Possible AV Violations

U.K. media regulator Ofcom on Wednesday launched investigations into two adult sites as part of its age assurance enforcement program under the Online Safety Act (OSA).

Show More