source: http://www.securityfocus.com/bid/36171/info

PHP-Fusion is prone to multiple information-disclosure vulnerabilities.

Attackers can exploit these issues to harvest sensitive information that may lead to further attacks. 

The following example URIs are available:

http://www.example.com/members.php?sortby[]=A
http://www.example.com/messages.php?folder[]=inbox