The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message.
https://exchange.xforce.ibmcloud.com/vulnerabilities/20020
http://securitytracker.com/id?1013670