MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests.
https://exchange.xforce.ibmcloud.com/vulnerabilities/35291
http://www.securityfocus.com/archive/1/472756/100/0/threaded
http://securityreason.com/securityalert/2859
http://archives.neohapsis.com/archives/bugtraq/2007-08/0052.html