Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and download a backup of the database via a direct request to admin/backupdb.php.
https://www.exploit-db.com/exploits/6456
https://exchange.xforce.ibmcloud.com/vulnerabilities/45150