icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

PHP Advanced Transfer Manager <= 1.30 Multiple Vulnerabilities

High

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The version of PHP Advanced Transfer Manager on the remote host suffers from multiple information disclosure and cross-site scripting flaws. For example, by calling the text or HTML viewer directly, an unauthenticated attacker can view arbitrary files, possibly even from remote hosts, provided PHP's 'register_globals' setting is enabled. As another example, an attacker can issue a request for '/PATH/users/username' and retrieve sensitive user credentials. In addition, selected PHP settings on the remote host can be disclosed by accessing the 'test.php' script directly.

Solution

Disable PHP's 'register_globals' setting and remove the 'test.php' script.