The faq section in PostNuke 0.764 allows remote malicious users to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
postnuke software foundation postnuke 0.764 |