[原文]modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid (1) catid or (2) clipid parameter, which reveals the full path in an error message.
PHP-Nuke Video Gallery Module Multiple Variable Path Disclosure
Remote / Network Access
Loss of Confidentiality
The Video Gallery module for PHP-Nuke contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides invalid input to multiple variables of the 'Video_Gallery' module, which will disclose the full installation path resulting in a loss of confidentiality.
Upgrade to version 0.1.beta6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.