Bugada Andrea : Security Vulnerabilities, CVEs, CVSS score >= 6
Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. NOTE: The login.php and confirm.php vectors are already covered by CVE-2006-4594.
Max CVSS: 7.5; EPSS Score: 0.65%; Published: 2006-09-13; Updated: 2018-10-17
Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE: the include_location parameter to index.php is already covered by CVE-2005-1681.
Max CVSS: 7.5; EPSS Score: 0.83%; Published: 2006-09-06; Updated: 2017-10-19
PHP Advanced Transfer Manager 1.30 has a default password for the administrator user, which allows remote attackers to upload and execute arbitrary PHP files.
Max CVSS: 7.5; EPSS Score: 0.49%; Published: 2005-09-20; Updated: 2008-09-05
PHP remote file inclusion vulnerability in common.php in phpATM 1.21, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the include_location parameter to index.php.
Max CVSS: 7.5; EPSS Score: 6.37%; Published: 2005-05-20; Updated: 2016-10-18
PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to upload arbitrary files via filenames containing multiple file extensions, as demonstrated using a filename ending in "php.ns", which allows execution of arbitrary PHP code.
Max CVSS: 7.5; EPSS Score: 9.20%; Published: 2005-05-16; Updated: 2018-10-19
5 vulnerabilities found