CVE-2006-1209

Name of the Vulnerable Software and Affected Versions PHP Advanced Transfer Manager versions 1.00 through 1.30

Description The issue allows remote attackers to download sensitive information, including password hashes, due to insufficient access control. This is possible because the sensitive data is stored under the web root, making it accessible via a direct request for a "users/[USERNAME]" file.

Recommendations For PHP Advanced Transfer Manager versions 1.00 through 1.30, consider restricting access to the sensitive files stored under the web root to minimize the risk of exploitation. As a temporary workaround, limit direct requests to the "users/[USERNAME]" file until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.