PHP-Nuke 6.5 Addon - 'Viewpage.php' File Disclosure

EDB-ID:

22422




Platform:

PHP

Date:

2003-03-25


source: https://www.securityfocus.com/bid/7191/info

PHP-Nuke has been reported prone to a file disclosure vulnerability when using the viewpage.php addon.

It has been reported that PHP-Nuke may disclose arbitrary web server readable files under certain circumstances.

It should be noted that this issue reportedly affects PHP-Nuke version 6.5 when running a specific configuration, however other versions may also be affected.

http://www.example.com/viewpage.php?file=/etc/passwd