CVE-2006-4749 Information

Description

Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. NOTE: The login.php and confirm.php vectors are already covered by CVE-2006-4594.

Reference

http://www.securityfocus.com/archive/1/445742/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/28874
