Unrated severityNVD Advisory· Published Mar 5, 2008· Updated Jun 16, 2026
CVE-2008-1166
CVE-2008-1166
Description
Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.
Affected products
6cpe:2.3:a:flyspray:flyspray:0.9.9:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:flyspray:flyspray:0.9.9:*:*:*:*:*:*:*
- cpe:2.3:a:flyspray:flyspray:0.9.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:flyspray:flyspray:0.9.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:flyspray:flyspray:0.9.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:flyspray:flyspray:0.9.9.4:*:*:*:*:*:*:*
- (no CPE)range: = 0.9.9.4
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.