MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests.

Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper 1.21 b6 allows remote attackers to inject arbitrary web script or HTML via the db parameter.