Postnuke CVE-2007-0385 Information Disclosure Vulnerability

Postnuke CVE-2007-0385 Information Disclosure Vulnerability

Postnuke is prone to a information disclosure vulnerability. The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable.