mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote malicious users to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
myktools myktools 2.4 |