CVE-2006-1209
The CVE concerns PHP Advanced Transfer Manager (versions 1.00–1.30). The root cause is insufficient access control that stores sensitive data (including password hashes) under the web root. This enables remote attackers to retrieve password hashes by directly requesting a users/[USERNAME] file. C...