Description
login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumeration.
Remediation
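One way to avoid the behaviour described above, as an added example that is not PHPFusion's code or its actual patch: a login check that returns the single "Incorrect username or password" message for every failure, shown beside the distinguishing pattern. The function names, the in-memory user store and the two distinguishing message strings are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed user store for the example; a real application would query its database.
function demo_users(): array
{
    return ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
}

// Hash of a throwaway value, verified when the username is unknown so that
// both failure paths perform exactly one password_verify() call.
function dummy_hash(): string
{
    static $hash = null;
    return $hash ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
}

// Pattern described in the advisory: the message reveals which field was wrong.
// The two message strings here are constructed, not quoted from PHPFusion.
function login_distinguishing(array $users, string $user, string $pass): string
{
    if (!isset($users[$user])) {
        return 'Incorrect username';
    }
    return password_verify($pass, $users[$user]) ? 'OK' : 'Incorrect password';
}

// Hardened form: one message and the same amount of work for every failure.
function login_uniform(array $users, string $user, string $pass): string
{
    $known = isset($users[$user]);
    $hash  = $known ? $users[$user] : dummy_hash();
    $valid = password_verify($pass, $hash);
    return ($known && $valid) ? 'OK' : 'Incorrect username or password';
}

// Constructed inputs: known user with wrong password, unknown user, valid login.
$users = demo_users();
foreach ([['alice', 'wrong'], ['mallory', 'wrong'], ['alice', 'correct horse']] as [$u, $p]) {
    printf("%-8s distinguishing=%-20s uniform=%s\n", $u,
        login_distinguishing($users, $u, $p), login_uniform($users, $u, $p));
}
```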