PHP Advanced Transfer Manager (phpATM) File Upload Arbitrary Command Execution

2005-09-20T10:05:00
ID OSVDB:19530
Type osvdb
Reporter rgod (retrogod@aliceposta.it)
Modified 2005-09-20T10:05:00

Description

Vulnerability Description

PHP Advanced Transfer Manager contains a flaw that may allow a malicious authenticated user to execute arbitrary commands. The issue is triggered by uploading a file with a .inc extension, which the application neither blocks nor sanitizes. Once uploaded, the file can be requested directly and is executed with the privileges of the web server.
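The root cause described above is an upload filter that does not treat .inc as a server-side extension, so a file that the web server hands to the PHP interpreter lands inside the web root. The following is an added example of the defensive pattern a maintainer would apply, written for this advisory and not taken from phpATM: an allowlist of data extensions, rejection of any server-side extension anywhere in the name (so "x.inc.txt" fails too), and storage under a generated name. The function names, the extension lists and the upload directory are assumptions, not phpATM identifiers.

```php
<?php
// Added example (not phpATM code): allowlist-based upload filename check.
// Assumes the web server may treat .inc (and the usual .php variants) as PHP,
// which is the situation the advisory describes, so every such extension is
// rejected rather than relying on a denylist of ".php" alone.

declare(strict_types=1);

/** Extensions the application is willing to store; everything else is rejected. */
const ALLOWED_EXTENSIONS = ['txt', 'pdf', 'png', 'jpg', 'jpeg', 'gif', 'zip'];

/** Extensions a typical PHP server configuration may execute (assumed list). */
const SERVER_SIDE_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar', 'inc'];

/**
 * Return the sanitized basename if the client-supplied name is acceptable, else null.
 * Every dot-separated segment is inspected, so "shell.inc.txt" and "x.php.png"
 * are rejected even though their final extension looks harmless.
 */
function safe_upload_name(string $clientName): ?string
{
    // Strip any directory component the client may have sent (both separators).
    $base = basename(str_replace('\\', '/', $clientName));

    // Reject empty names, dotfiles such as .htaccess, and unexpected characters.
    if ($base === '' || $base[0] === '.' || !preg_match('/^[A-Za-z0-9._-]+$/', $base)) {
        return null;
    }

    $parts = explode('.', $base);
    if (count($parts) < 2) {
        return null;                                   // no extension at all
    }
    $ext = strtolower(array_pop($parts));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;                                   // final extension not allowlisted
    }
    // Refuse a server-side extension in any earlier segment (double-extension trick).
    foreach ($parts as $segment) {
        if (in_array(strtolower($segment), SERVER_SIDE_EXTENSIONS, true)) {
            return null;
        }
    }
    return $base;
}

/**
 * Move a validated upload into $uploadDir under a generated name, so the client
 * never controls the on-disk path. Returns the stored path or null on rejection.
 */
function store_upload(array $file, string $uploadDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $name = safe_upload_name((string) ($file['name'] ?? ''));
    if ($name === null) {
        return null;
    }
    $ext    = pathinfo($name, PATHINFO_EXTENSION);
    $target = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(8)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        return null;
    }
    chmod($target, 0644);                              // plain data file, never executable
    return $target;
}

// Self-check of the name filter with constructed names (no real upload needed).
foreach (['report.pdf', 'backdoor.inc', 'backdoor.inc.txt', '../.htaccess', 'README'] as $n) {
    printf("%-18s -> %s\n", $n, safe_upload_name($n) ?? 'REJECTED');
}
```

The name check is only half of the control: the complementary measure is to keep the upload directory outside the document root, or to configure the web server so that nothing under it is passed to an interpreter, so that a filter bypass still yields a file the server will only serve as data.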

Technical Description

An attacker must supply valid administrator authentication credentials in order to exploit this vulnerability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

PHP Advanced Transfer Manager contains a flaw that may allow a malicious authenticated user to execute arbitrary commands. The issue is triggered by uploading a file with a .inc extension, which the application neither blocks nor sanitizes. Once uploaded, the file can be requested directly and is executed with the privileges of the web server.

References:

Vendor URL: http://phpatm.free.fr/
Security Tracker: 1014930
Secunia Advisory ID: 16867
Related OSVDB ID: 19524
Related OSVDB ID: 19526
Related OSVDB ID: 19529
Related OSVDB ID: 19523
Related OSVDB ID: 19528
Related OSVDB ID: 19532
Related OSVDB ID: 19533
Related OSVDB ID: 19525
Related OSVDB ID: 19527
Related OSVDB ID: 19531
Other Advisory URL: http://rgod.altervista.org/phpatm130.html