Description: A vulnerability has been reported in PostNuke, which can be exploited by malicious people to disclose sensitive information.
Input passed to the "PNSVlang" variable is not properly sanitised before it is used to include files in error.php. This can be exploited to include arbitrary files via directory traversal attacks.
The vulnerability is reported in versions prior to 0.764.
Solution: Update to version 0.764.
Provided and/or discovered by: The vendor credits Kacper.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
