phptonuke.php in myPHPNuke 1.8.8 allows remote malicious users to read arbitrary files via a full pathname in the filnavn variable.
myphpnuke myphpnuke 1.8.8