Phpatm · Phpatm · CVE-2007-2659
**Name of the Vulnerable Software and Affected Versions**
phpATM version 1.30
**Description**
The issue allows remote attackers to read arbitrary files and obtain script source code. The flaw is a directory traversal vulnerability in `index.php`, triggered by a `..` (dot dot) sequence in the `directory` parameter of a `downloadfile` action.
**Recommendations**
For phpATM version 1.30, consider restricting access to the `downloadfile` action in `index.php` until a patch is available. As a temporary workaround, do not pass untrusted input to the `directory` parameter, to minimize the risk of exploitation.
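One way a download handler can confine a `directory` value to its upload root is sketched below. This is an added example, not phpATM's own code or an official patch; the function name `resolve_download`, the upload root and the demo files are hypothetical and constructed for illustration.

```php
<?php
// Added example, not phpATM code: function name and paths are hypothetical.
function resolve_download(string $uploadRoot, string $directory, string $filename): ?string
{
    // Reject NUL bytes; old PHP versions truncated paths at them.
    if (strpos($directory . $filename, "\0") !== false) {
        return null;
    }
    $root = realpath($uploadRoot);
    // The file name must be a single path component.
    if ($root === false || $filename === '' || $filename !== basename($filename)) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false if the target is missing.
    $candidate = realpath($root . DIRECTORY_SEPARATOR . $directory . DIRECTORY_SEPARATOR . $filename);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Containment check on the canonical path. The trailing separator stops a
    // sibling such as "/srv/files-private" from matching root "/srv/files".
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed demo tree: <tmp>/root/docs/report.txt (inside) and <tmp>/secret.txt (outside).
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . bin2hex(random_bytes(4));
mkdir($tmp . '/root/docs', 0700, true);
file_put_contents($tmp . '/root/docs/report.txt', 'ok');
file_put_contents($tmp . '/secret.txt', 'constructed file outside the root');

$requests = [['docs', 'report.txt'], ['..', 'secret.txt'], ['docs/../..', 'secret.txt']];
foreach ($requests as [$dir, $file]) {
    $path = resolve_download($tmp . '/root', $dir, $file);
    echo "directory=$dir file=$file => ", ($path === null ? 'rejected' : 'served'), PHP_EOL;
}

// Remove the constructed demo tree.
unlink($tmp . '/root/docs/report.txt');
unlink($tmp . '/secret.txt');
rmdir($tmp . '/root/docs');
rmdir($tmp . '/root');
rmdir($tmp);
```

Because the comparison is made on the canonical path, it does not depend on recognising `..` in the raw parameter value.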