CVE-2007-2659

Name of the Vulnerable Software and Affected Versions phpATM version 1.30

Description The issue allows remote attackers to read arbitrary files and obtain script source code. This is achieved by exploiting a directory traversal vulnerability in the index.php file, specifically by using a .. (dot dot) in the directory parameter within a downloadfile action.

Recommendations For phpATM version 1.30, consider restricting access to the downloadfile action in the index.php file until a patch is available. As a temporary workaround, avoid using the directory parameter with untrusted input to minimize the risk of exploitation.