PHP Advanced Transfer Manager <= 1.30 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 3234

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The version of PHP Advanced Transfer Manager on the remote host suffers from multiple information disclosure and cross-site scripting flaws. For example, by calling the text or HTML viewer directly, an unauthenticated attacker can view arbitrary files, possibly even from remote hosts, provided PHP's 'register_globals' setting is enabled. As another example, an attacker can issue a request for '/PATH/users/username' and retrieve sensitive user credentials. In addition, selected PHP settings on the remote host can be disclosed by accessing the 'test.php' script directly.

Solution

Disable PHP's 'register_globals' setting and remove the 'test.php' script.

See Also

http://retrogod.altervista.org/phpatm130.html

Plugin Details

Severity: High

ID: 3234

Family: CGI

Published: 9/20/2005

Updated: 3/6/2019

Nessus ID: 19768

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:bugada_andrea:php_advanced_transfer_manager

Reference Information

BID: 14883, 15237, 15074, 14887