Vulnerabilities > CVE-2006-4594 - Remote File Include vulnerability in Bugada Andrea PHP Advanced Transfer Manager 1.20

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
bugada-andrea
exploit available
NVD
Published: 2006-09-06
Updated: 2017-10-19

Summary

Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE: the include_location parameter to index.php is already covered by CVE-2005-1681.

Vulnerable Configurations

Part Description Count
Application
Bugada_Andrea
2

Exploit-Db

descriptionphpAtm <= 1.21 (include_location) Remote File Include Vulnerabilities. CVE-2006-4594,CVE-2006-4749. Webapps exploit for php platform
fileexploits/php/webapps/2279.txt
idEDB-ID:2279
last seen2016-01-31
modified2006-08-30
platformphp
port
published2006-08-30
reporterKinSize
sourcehttps://www.exploit-db.com/download/2279/
titlephpAtm <= 1.21 include_location Remote File Include Vulnerabilities
typewebapps

References