PHP-Nuke 7.4 has a cross site scripting flaw that allows an attacker the ability to view admin account information. It is an old bug that has a patch that can be bypassed if the data is sent via a POST instead of a GET.
0a2035b56855d79436e78d364d0652febcd135bfc23ada43fefd055e73b5d43b