Authentication flaw
Basic Analysis and Security Engine BASE before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via 1 basemain.php, 2 baseqryalert.php, and possibly other vectors...