PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information.
http://www.securityfocus.com/bid/15328
http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt