Tuesday, August 02, 2005

phpATM vulnerability

(7) HIGH: phpATM Remote File Include Vulnerability
phpATM version 1.21 and earlier

Description: phpATM software provides file upload and download functions
for web servers. This software contains a file include vulnerability. An
attacker can pass a PHP file location to the "include_location"
parameter, and execute arbitrary PHP code on the web server running
phpATM. This flaw has reportedly been exploited in the wild.

Status: phpATM has released version 1.30 that fixes the issue.

Council Site Actions: The affected software and/or configuration is not
in production or widespread use, or is not officially supported at any
of the council sites. They reported that no action was necessary.
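
A log check for the request pattern described above, as an added example that is not part of the advisory or of phpATM: it flags access-log entries whose "include_location" value points at a remote resource. The script path /files/SCRIPT.php, the client addresses and the log lines are constructed placeholders, and the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

PARAM = "include_location"  # parameter named in the advisory
# Client address and request target from a combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A value that names a remote resource (scheme://host or //host), not a local path.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*:)?//', re.IGNORECASE)

# Constructed sample log lines; /files/SCRIPT.php is a placeholder path.
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Aug/2005:09:00:01 +0000] "GET /files/SCRIPT.php HTTP/1.1" 200 812',
    '192.0.2.11 - - [02/Aug/2005:09:00:05 +0000] "GET /files/SCRIPT.php?include_location=include/ HTTP/1.1" 200 812',
    '203.0.113.7 - - [02/Aug/2005:09:01:12 +0000] "GET /files/SCRIPT.php?include_location=http://example.invalid/a/ HTTP/1.0" 200 97',
    '198.51.100.23 - - [02/Aug/2005:09:02:40 +0000] "GET /files/SCRIPT.php?include_location=ftp%253A%252F%252Fexample.invalid%252Fb%252F HTTP/1.0" 200 97',
]


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so a nested encoding cannot hide a URL.

    Deliberately conservative: it decodes more often than the server would."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(lines):
    """Return (client_ip, decoded_value) for each request with a remote include_location."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line in the expected format
        query = urlsplit(match.group("target")).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == PARAM and REMOTE_RE.match(fully_decode(value)):
                hits.append((match.group("ip"), fully_decode(value)))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} requested remote include: {value}")
```

A hit in historical logs on a host that ran version 1.21 or earlier is a reason to review that host, not only to upgrade it to 1.30.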

Posting by Ingvar
Vendor Homepage
SecurityFocus BID
