Juan Galiana

**Name of the Vulnerable Software and Affected Versions** OpenBiblio versions 0.5.2-pre4 and earlier **Description** The issue allows remote attackers to obtain configuration information by making a direct request to "phpinfo.php", which calls the `phpinfo()` function. **Recommendations** For OpenBiblio versions 0.5.2-pre4 and earlier, consider restricting access to the "phpinfo.php" file to prevent unauthorized disclosure of configuration information.

**Name of the Vulnerable Software and Affected Versions** OpenBiblio versions 0.5.2-pre4 and earlier **Description** The issue allows remote attackers to obtain sensitive information via direct requests for specific files, including `shared/footer.php`, `circ/mbr fields.php`, and `admin/custom marc form fields.php`. These requests can reveal the path in various error messages. **Recommendations** For OpenBiblio versions 0.5.2-pre4 and earlier, consider restricting access to the sensitive files `shared/footer.php`, `circ/mbr fields.php`, and `admin/custom marc form fields.php` to minimize the risk of exploitation.