(1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques 2.1 do not require authentication, which allows remote attackers to perform unauthorized administrative actions using a direct request.Referenceshttp://osvdb.org/33541http://www.securityfocus.com/archive/1/456986/100/0/threadedhttp://www.securityfocus.com/bid/22068http://osvdb.org/33542
