9 lines
No EOL
482 B
Text
9 lines
No EOL
482 B
Text
source: http://www.securityfocus.com/bid/21112/info
|
|
|
|
Hot Links is prone to an information-disclosure vulnerability because it fails to authenticate the user during specific download requests.
|
|
|
|
An attacker can exploit this issue to retrieve administrative backup files. Information obtained may aid in further attacks.
|
|
|
|
All versions of Hot Links SQL-PHP and Hot Links Pro are vulnerable; other forks may also be affected.
|
|
|
|
http://www.example.com/[path]/dlback.php?dl=fullback |