When passing specific parameters to a page which displays receipts, Giga shows an error message and prints out an array showing a list of fields, maybe detailing a database structure or some other sort of internal structure.
1. Open [[ http://www2.giga.ub.edu/acad/rebuts/erebut.php?NIUB=%20&NUCO=1 | http://www2.giga.ub.edu/acad/rebuts/erebut.php?NIUB=%20&NUCO=1 ]] (it doesn't matter whether you have logged in).
##Severity of the vulnerability
This is not a severe vulnerability, and I don't even think this could be considered as a security vulnerability alone, because it cannot be used to directly exploit the system in any way. Despite this, I think this would allow an attacker to have a better understanding of how the system works internally and it would make it easier for them to find other vulnerabilities.
##What should be done?
The array printed should be removed from the page.
**This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public.**