Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors.
https://exchange.xforce.ibmcloud.com/vulnerabilities/75716
http://www.securityfocus.com/bid/53589