Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon.
PHP-Nuke has been reported prone to a file disclosure vulnerability when using the viewpage.php addon.
It has been reported that PHP-Nuke may disclose arbitrary web server readable files under certain circumstances.
It should be noted that this issue reportedly affects PHP-Nuke version 6.5 when running a specific configuration, however other versions may also be affected.