VID |
21826 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
PHP Advanced Transfer Manager (phpATM) is a file upload and download manager written in PHP. Versions 1.21 and earlier contain multiple vulnerabilities that a remote attacker can exploit to include malicious PHP files or to upload arbitrary files. An attacker who successfully exploits the most severe of these vulnerabilities could execute arbitrary code on the affected host with the privileges of the Web server process.
* References: http://www.securityfocus.com/archive/1/397677 http://www.securityfocus.com/archive/1/400248 http://www.securitytracker.com/alerts/2005/May/1014008.html http://secunia.com/advisories/15279/
* Platforms Affected: Bugada Andrea, PHP Advanced Transfer Manager version 1.21 and earlier versions; any operating system, any version |
Recommendation |
Upgrade to the latest version of PHP Advanced Transfer Manager (1.30 or later), available from the PHP Advanced Transfer Manager Download Web page at http://phpatm.free.fr/downloads.php?lang=en |
Related URL |
CVE-2005-1604,CVE-2005-1681 (CVE) |
Related URL |
13542,13691 (SecurityFocus) |
Related URL |
20640,20672 (ISS) |