[Original text] login.php in phpGedView 2.65 and earlier allows remote attackers to obtain sensitive information via an HTTP request to login.php that does not contain the required username or password parameters, which causes the information to be leaked in an error message.
PhpGedView login.php Empty Field Information Disclosure
Remote / Network Access
Loss of Confidentiality
phpGedView contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an HTTP request to login.php omits the required username or password fields; the resulting error message discloses sensitive information, causing a loss of confidentiality.
Upgrade to version 2.65.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.