Description
login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumeration.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Download Manager Multiple Vulnerabilities (2.8.7)
WordPress Plugin ChimpMate-WordPress MailChimp Assistant Local File Inclusion (1.3.2)
WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress Unspecified Vulnerability (3.7.18)
Jenkins Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3666)