PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information.Referenceshttp://secunia.com/advisories/17433http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txthttp://www.securityfocus.com/bid/15328http://secunia.com/advisories/17425
