mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote attackers to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup.
W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Polish
English