Mauro Sbicego

**Name of the Vulnerable Software and Affected Versions** aquaverde Aquarius CMS versions through 4.3.5 **Description** The issue allows information exposure through log files due to an error in the log-file writer component. **Recommendations** For versions through 4.3.5, update to a version that fixes the error in the log-file writer component to prevent information exposure.

**Name of the Vulnerable Software and Affected Versions** Aquarius CMS versions prior to 4.3.6 **Description** The issue allows Aquarius CMS to write POST and GET parameters, including passwords, to a log file due to an overwriting of configuration parameters under certain circumstances. **Recommendations** For versions prior to 4.3.6, update to version 4.3.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the log files to minimize the risk of sensitive information exposure.