Change Details

##Abstract When passing specific parameters to a page which displays receipts, Giga shows an error message and prints out an array showing a list of fields, maybe detailing a database structure or some other sort of internal structure. ##Reproduction steps 1. Open [[ http://www2.giga.ub.edu/acad/rebuts/erebut.php?NIUB=%20&NUCO=1 | http://www2.giga.ub.edu/acad/rebuts/erebut.php?NIUB=%20&NUCO=1 ]] (it doesn't matter whether you have logged in). ##Severity of the vulnerability This is not a severe vulnerability, and I don't even think this could be considered as a security vulnerability alone, because it cannot be used to directly exploit the system in any way. Despite this, I think this would allow an attacker to have a better understanding of how the system works internally and it would make it easier for them to find other vulnerabilities. ##What should be done? The array printed should be removed from the page. -------- **This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public.**

##Abstract When passing specific parameters to a page which displays receipts, Giga shows an error message and prints out an array showing a list of fields, maybe detailing a database structure or some other sort of internal structure. ##Reproduction steps 1. Open [[ http://www2.giga.ub.edu/acad/rebuts/erebut.php?NIUB=%20&NUCO=1 | http://www2.giga.ub.edu/acad/rebuts/erebut.php?NIUB=%20&NUCO=1 ]] (it doesn't matter whether you have logged in). {F1908} ##Severity of the vulnerability This is not a severe vulnerability, and I don't even think this could be considered as a security vulnerability alone, because it cannot be used to directly exploit the system in any way. Despite this, I think this would allow an attacker to have a better understanding of how the system works internally and it would make it easier for them to find other vulnerabilities. ##What should be done? The array printed should be removed from the page. -------- **This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public.**

##Abstract When passing specific parameters to a page which displays receipts, Giga shows an error message and prints out an array showing a list of fields, maybe detailing a database structure or some other sort of internal structure. ##Reproduction steps 1. Open [[ http://www2.giga.ub.edu/acad/rebuts/erebut.php?NIUB=%20&NUCO=1 | http://www2.giga.ub.edu/acad/rebuts/erebut.php?NIUB=%20&NUCO=1 ]] (it doesn't matter whether you have logged in). {F1908} ##Severity of the vulnerability This is not a severe vulnerability, and I don't even think this could be considered as a security vulnerability alone, because it cannot be used to directly exploit the system in any way. Despite this, I think this would allow an attacker to have a better understanding of how the system works internally and it would make it easier for them to find other vulnerabilities. ##What should be done? The array printed should be removed from the page. -------- **This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public.**