https://www.exploit-db.com/exploits/22422

Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon.

source: http://www.securityfocus.com/bid/7191/info

PHP-Nuke has been reported prone to a file disclosure vulnerability when using the viewpage.php addon.

It has been reported that PHP-Nuke may disclose arbitrary web server readable files under certain circumstances.

It should be noted that this issue reportedly affects PHP-Nuke version 6.5 when running a specific configuration, however other versions may also be affected.

http://www.example.com/viewpage.php?file=/etc/passwd

resource:
hyperlink:http://www.securityfocus.com/archive/1/316198/30/25340/threaded
resource:
hyperlink:http://www.securityfocus.com/archive/1/316233/30/25340/threaded
resource:
hyperlink:http://www.securityfocus.com/archive/1/316327/30/25340/threaded
resource:
hyperlink:http://www.securityfocus.com/archive/1/316341/30/25310/threaded
resource:Exploit
hyperlink:http://www.securityfocus.com/archive/1/archive/1/316179/30/25340/threaded
resource:
hyperlink:http://www.securityfocus.com/archive/1/archive/1/316209/30/25340/threaded
resource:
hyperlink:http://www.securityfocus.com/archive/1/archive/1/316585/30/25310/threaded
resource:
hyperlink:http://www.securityfocus.com/bid/7191
resource:
hyperlink:http://www.securitytracker.com/id?1006377