PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter.
http://www.iss.net/security_center/static/8699.php
http://archives.neohapsis.com/archives/bugtraq/2002-03/0345.html