CVE-2006-4749 in PHP Advanced Transfer Manager信息

摘要

由 VulDB • 2026-06-10

PHP Advanced Transfer Manager (phpATM) 1.20 中存在多个 PHP 远程文件包含漏洞,远程攻击者可通过 (1) activate.php、(2) configure.php、(3) fileop.php、(4) getimg.php、(5) ipblocked.php、(6) register.php、(7) showrecent.php、(8) showtophits.php、(9) usrmanag.php、(10) viewer_bottom.php、(11) viewer_content.php 和 (12) viewer_top.php 中的 include_location 参数执行任意 PHP 代码。注意:login.php 和 confirm.php 的攻击向量已由 CVE-2006-4594 覆盖。

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

来源

Do you want to use VulDB in your project?

Use the official API to access entries easily!