CVE-2006-4594
Affected product/versions: PHP Advanced Transfer Manager (phpATM) 1.21 and earlier. Vulnerability: Multiple remote PHP file inclusion via the include_location parameter in (1) confirm.php and (2) login.php, allowing remote code execution. The index.php vector is already covered by CVE-2005-1681. ...