PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to upload arbitrary files via filenames containing multiple file extensions, as demonstrated using a filename ending in php.ns, which allows execution of arbitrary PHP code.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Php_advanced_transfer_manager | Bugada_andrea | 1.21 (including) | 1.21 (including) |