[原文]MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message.
MS Analysis for PHP-Nuke title.php Installation Path Disclosure
Remote / Network Access
Loss of Confidentiality
MS Analysis contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker requests the 'title.php' script without arguments, which will disclose the physical path of the web server resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.