VULHUB ™

It has been reported that CGINews and CGIForum may be prone to an information disclosure vulnerability that may allow an attacker to gain access to sensitive information such as usernames and e-mail addresses. The problem exists because the log files 'username.log' are viewable by any user. CGINews versions 1.07 and CGIForum 1.09 are reported to be vulnerable to this issue, however other versions could be affected as well.

It has been reported that CGINews and CGIForum may be prone to an information disclosure vulnerability that may allow an attacker to gain access to sensitive information such as usernames and e-mail addresses. The problem exists because the log files 'username.log' are viewable by any user. CGINews versions 1.07 and CGIForum 1.09 are reported to be vulnerable to this issue, however other versions could be affected as well.