
Oosman-Rako

#18447 of 53,608
14.6 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2023-12160
8.1
2023-02-17
Unknown · Php-Fusion · CVE-2021-3172
**Name of the Vulnerable Software and Affected Versions**
Php-Fusion versions 9.03.90 through 9.10.00

**Description**
The issue allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature.

**Recommendations**
For Php-Fusion versions 9.03.90 through 9.09.99, update to version 9.10.00 to resolve the issue. At the moment, there is no information about additional mitigation measures for this issue.
PT-2021-11884
6.5
2021-01-03
Php Fusion · Php-Fusion · CVE-2020-35952
**Name of the Vulnerable Software and Affected Versions**
PHPFusion (aka PHP-Fusion) Andromeda versions 9.x before 2020-12-30

**Description**
The issue arises from the `login.php` file generating distinct error messages for incorrect usernames and passwords, rather than a unified message. This distinction might allow for enumeration.

**Recommendations**
For PHPFusion (aka PHP-Fusion) Andromeda versions 9.x before 2020-12-30, update to a version released after 2020-12-30 to resolve the issue. As a temporary workaround, consider modifying the `login.php` file to display a single, unified error message for both incorrect usernames and passwords, thus preventing potential enumeration.