The export_index action in myadmin.php for Aztek Forum 4.0 allows remote malicious users to obtain database files, possibly by setting the ATK_ADMIN cookie.
aztek forum aztek forum 4.0