PostNuke Reviews Module id Variable Path Disclosure
Remote / Network Access
Loss of Confidentiality
PostNuke contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides malformed input to the 'id' parameter of the Reviews Module, which will disclose the server installation path resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.