2007-02-28 00:00:00
mitre
PUBLISHED
The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter.