xbiz world
xbiz premiere

Security Flaws Found in Popular Open Source Projects

RESTON, Va. – Security holes in two popular open source projects could put users at risk of cross-site scripting attacks and information theft, researchers warned.

The phpMyAdmin Project has confirmed that vulnerabilities in its application can be exploited to conduct cross-site scripting attacks and disclose sensitive information. First identified by research firm Secunia, the flaws could lead to arbitrary program execution if PHP safe mode is off and external transformations are activated.

Written in PHP, phpMyAdmin is a popular application for managing MySQL databases over the Internet. It is used by programmers to create and drop databases as well as to execute SQL statement and manage keys on fields. The phpMyAdmin Project recommends that users upgrade to the latest version of the application to avoid malicious hacking attacks.

Meanwhile, iDefense Inc. has issued an alert concerning vulnerabilities in phpBB Group’s web forum software that could allow attackers to read the contents of arbitrary system files under the privileges of the underlying web server. The problem was created by an input validation error that allows a remote attacker to control the arguments in a call to copy, thereby uncovering the full path to system files.

phpBB is a scalable, customizable open source bulletin board package that supports popular database servers and unlimited forums and posts.

“An attacker must have, or be able to create an account on the target system,” iDefense warned. "Non-default settings must also be enabled for exploitation to be possible. Upon successful exploitation an attacker may be able to further compromise the system by gleaning system information that would otherwise be inaccessible without authorization."

In response, the phpBB Group has released an updated version of the software that fixes the vulnerabilities.

A group of international PHP experts, including one of the founders of PHP enterprise platform developer Zend Technologies, have banded together and formed a new conglomerate aimed at promoting secure programming practices.

This latest round of security flaws comes just weeks after a group of PHP developers formed the PHP Security Consortium in response to high-profile flaws found in third-party applications, which the group said hurt the credibility of PHP and the growing PHP scripting community.

Copyright © 2026 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

2026 XBIZ Miami Conference Schedule Announced

XBIZ is pleased to announce the release of the full show schedule for XBIZ Miami, set to take place May 11-14 at the Goodtime Hotel in South Beach.

UPDATED: Utah VPN Rule Enforcement Paused in Aylo Lawsuit

Provisions of a new Utah law making adult websites liable if minors in the state circumvent geolocation efforts to bypass age verification, which were set to come into force on Wednesday, have been put on hold until Sept. 3.

JustFor.fans Launches 'JFF Create' iPhone App

JustFor.fans (JFF) has launched its new iPhone creator management app, JFF Create.

ShootXEvents Joins ASACP as Media Sponsor

ShootXEvents has signed on as an in-kind media sponsor for the Association of Sites Advocating Child Protection (ASACP).

Pornhub Unblocks UK Users on iOS Devices, Citing Apple AV Effectiveness

Pornhub parent company Aylo on Tuesday announced that users in the United Kingdom will once again be able to access the popular site if they are using Apple devices and have confirmed their age through Apple’s U.K. age-verification process.

FSC Launches 'Know Your Rights' 1st Amendment Resource Page

The Free Speech Coalition (FSC) has launched "Know Your Rights," a resource page detailing First Amendment protest guidelines.

Utah VPN Rule for Adult Sites Takes Effect This Week

A new law in Utah comes into force Wednesday, making adult websites liable if minors in the state circumvent geolocation efforts to bypass age verification.

UPDATED: Court Approves Class Action in Labor Claims Against VMG

A U.S. district court has granted class certification in a civil lawsuit filed against Vixen Media Group (VMG) by retired performer Kenzie Anne, making it possible for additional performers to join in a class action against the company.

Brazil Invites Public Input on Guidelines for New Digital Law

Brazil’s National Data Protection Authority (ANPD) is soliciting public comments to help improve interpretation and application of the country’s Digital Statute for Children and Adolescents (Digital ECA), which requires adult websites to age-verify users located in Brazil.

X3 Expo Unveils Euro All-Stars for Inaugural Amsterdam Edition

X3 Expo, Hollywood's premier adult entertainment expo, makes its European debut at Passenger Terminal Amsterdam Sept. 11-12, bringing together fans, creators, and industry insiders for the Continent’s largest assembly of adult entertainment stars, alongside a dazzling lineup of attractions spotlighting the cutting edge of modern media and pleasure tech.

Show More