
PHPMagazine:
Security Flaws Haunt OS Projects
Feb 25, 2005 @ 13:52:27

PHP Magazine has a new post today concerning more of the issues that are plaguing several popular open source applications, including phpMyAdmin and phpBB.

Multiple vulnerabilities in two popular open-source projects - phpMyAdmin and phpBB - could put users at risk of cross-site scripting and information disclosure attacks. In a new post on eWeek, Ryan Naraine is reporting that users of the phpMyAdmin application should apply the latest versions of the application to avoid malicious hacking attacks, according to Secunia.

"The phpMyAdmin Project recommends that users upgrade to version 2.6.1-pl1, which contains fixes. The most serious flaws could lead to arbitrary program execution if PHP safe mode is off and external transformations are activated. Written in PHP, phpMyAdmin is a popular Web application for managing MySQL databases over the Web. It is used by administrators to create and drop databases or to execute any SQL statement or manage keys on fields".

For more information on this vulnerability, check out the Secunia advisory with all of the information right at your fingertips. Cross-site scripting attacks are some of the hardest to prevent, and this example is no different.
