Current Description

The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter.

Basic Data

PublishedMarch 02, 2007
Last ModifiedJune 10, 2020
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-200
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score4.3
Exploitability Score8.6
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.


  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationMrcgiguyHot Links-*******

Vulnerable Software List

Mrcgiguy Hot Links -


20061115 Hot Links download backup authorized vulnerabilities Party Advisory
20061115 Hot Links download backup authorized vulnerabilities (re-post) Party Advisory
22970 Required
21112 Third Party Advisory VDB Entry
ADV-2006-4585 Applicable
hotlinks-dlback-information-disclosure(30340) Party Advisory VDB Entry