Description
login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumeration.
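The pattern described above next to a hardened form, as an added example (not PHPFusion's code). The function names, message strings for the vulnerable case, and the in-memory user table are constructed for illustration. The hardened version goes one step beyond the message itself and also runs a hash comparison for unknown names, so response time does not reveal what the message no longer does.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for a user table
// (hypothetical; not PHPFusion's schema).
function sample_users(): array {
    return ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
}

// Pattern from the description: the message reveals which field was wrong,
// so a response of "Incorrect password" confirms the username exists.
function login_distinguishing(array $users, string $name, string $pass): string {
    if (!isset($users[$name])) {
        return 'Incorrect username';
    }
    if (!password_verify($pass, $users[$name])) {
        return 'Incorrect password';
    }
    return 'OK';
}

// Hardened form: a single message for both failure cases. A dummy hash is
// verified when the name is unknown so both paths do the same amount of work.
function login_uniform(array $users, string $name, string $pass): string {
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    $known = isset($users[$name]);
    $hash  = $known ? $users[$name] : $dummy;
    $match = password_verify($pass, $hash);

    // $known is checked last so a guess equal to the dummy password still fails.
    return ($known && $match) ? 'OK' : 'Incorrect username or password';
}

// Compare both implementations on a wrong password, an unknown user,
// and a valid login.
$users = sample_users();
$cases = [['alice', 'wrong'], ['mallory', 'wrong'], ['alice', 'correct horse']];
foreach ($cases as [$n, $p]) {
    printf(
        "%-8s distinguishing: %-20s uniform: %s\n",
        $n,
        login_distinguishing($users, $n, $p),
        login_uniform($users, $n, $p)
    );
}
```

The same rule applies to any other endpoint that accepts a username, such as registration or password reset: its responses should not differ between known and unknown accounts.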