[Original text] The Downloads module in PHP-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message.
PHP-Nuke Downloads Module show Variable Path Disclosure
Remote / Network Access
Loss of Confidentiality
PHP-Nuke contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user submits an HTTP request using the variable "show" to elicit an error message from the [victim], which will disclose absolute path information resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.