xbiz world
xbiz premiere

Security Flaws Found in Popular Open Source Projects

RESTON, Va. – Security holes in two popular open source projects could put users at risk of cross-site scripting attacks and information theft, researchers warned.

The phpMyAdmin Project has confirmed that vulnerabilities in its application can be exploited to conduct cross-site scripting attacks and disclose sensitive information. First identified by research firm Secunia, the flaws could lead to arbitrary program execution if PHP safe mode is off and external transformations are activated.

Written in PHP, phpMyAdmin is a popular application for managing MySQL databases over the Internet. It is used by programmers to create and drop databases as well as to execute SQL statement and manage keys on fields. The phpMyAdmin Project recommends that users upgrade to the latest version of the application to avoid malicious hacking attacks.

Meanwhile, iDefense Inc. has issued an alert concerning vulnerabilities in phpBB Group’s web forum software that could allow attackers to read the contents of arbitrary system files under the privileges of the underlying web server. The problem was created by an input validation error that allows a remote attacker to control the arguments in a call to copy, thereby uncovering the full path to system files.

phpBB is a scalable, customizable open source bulletin board package that supports popular database servers and unlimited forums and posts.

“An attacker must have, or be able to create an account on the target system,” iDefense warned. "Non-default settings must also be enabled for exploitation to be possible. Upon successful exploitation an attacker may be able to further compromise the system by gleaning system information that would otherwise be inaccessible without authorization."

In response, the phpBB Group has released an updated version of the software that fixes the vulnerabilities.

A group of international PHP experts, including one of the founders of PHP enterprise platform developer Zend Technologies, have banded together and formed a new conglomerate aimed at promoting secure programming practices.

This latest round of security flaws comes just weeks after a group of PHP developers formed the PHP Security Consortium in response to high-profile flaws found in third-party applications, which the group said hurt the credibility of PHP and the growing PHP scripting community.

Copyright © 2026 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

AV Bulletin: Midyear Roundup

Since the U.S. Supreme Court’s decision in Free Speech Coalition v. Paxton, more state age verification laws have been enacted around the United States, as well as proposed at the federal level and in other countries. Meanwhile, lawsuits resulting from AV laws have begun to play out in the courts. This roundup provides an update on the latest news and developments on the age verification front as it impacts the adult industry.

Judge Dismisses Last NCOSE-Backed Suit Over Kansas AV Law

A federal judge on Monday dismissed a lawsuit alleging that adult site SuperPorn violated Kansas’ age verification law, citing lack of jurisdiction after similarly dismissing two related cases earlier this year.

ASACP Updates 'Restricted to Adults' Labeling Resource Page

The Association of Sites Advocating Child Protection (ASACP) has updated its Restricted to Adults (RTA) labeling resource page.

Federal AV Proposal Scores Minor Win in House but Remains in Doubt

A newly announced bipartisan agreement in the U.S. House of Representatives Committee on Energy and Commerce may soon bring a proposed federal age verification law before the full House, but the measure continues to face an uphill battle.

Arizona Governor Vetoes 'Protect Act' With New Consent Provisions

Arizona Governor Kate Hobbs on Friday vetoed HB 2133, the “Protect Act,” which would have imposed new requirements for adult content uploaded online.

Brazil Begins Monitoring 18 Adult Sites for AV Compliance

Brazil’s National Data Protection Authority (ANPD) is now monitoring 18 high-traffic adult websites for compliance with the country’s Digital Statute for Children and Adolescents (Digital ECA), which requires such sites to age-verify users located in Brazil.

Ofcom Fines First Time Videos $100,000 for AV Noncompliance

U.K. media regulator Ofcom on Thursday imposed a fine of 80,000 pounds (more than $100,000) against First Time Videos, which operates FTVGirls.com and FTVMilfs.com, for failing to implement age checks required for compliance with the Online Safety Act.

Curves Ahead: How BBW Creators are Turning Differentiation Into Competitive Advantage

For centuries, curves have been celebrated as a symbol of beauty, sensuality and power. From the soft opulence of Rubens paintings to the glamorous silhouettes of pinup icons, fuller figures have long occupied a place in art, fashion and fantasy.

Woodhull Freedom Foundation to Host Virtual 'Pride' Edition of 'Fact Checked' Series

Woodhull Freedom Foundation is hosting a Pride Month virtual edition of its series “Fact Checked by Woodhull.”

'InMelanin' Relaunches Through PAYSITE

InMelanin.com has officially relaunched through PAYSITE.

Show More