An issue in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout and replace the legitimate login interface with arbitrary attacker-controlled content via supplying a crafted GET request.
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
