PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3451)