DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to (1) update.php, (2) del.php, and (3) add_form.php.Referenceshttp://www.securityfocus.com/bid/14714http://www.vupen.com/english/advisories/2005/1601http://securitytracker.com/id?1014827http://secunia.com/advisories/16630
