An access control issue in Dreamer CMS v4.0.1 allows malicious users to download backup files and leak sensitive information.