PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to upload arbitrary files via filenames containing multiple file extensions, as demonstrated using a filename ending in "php.ns", which allows execution of arbitrary PHP code.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.07806
Percentile: 0.91543

CVSS Scoring

Affected Products

• cpe:2.3:a:bugada_andrea:php_advanced_transfer_manager:1.21:*:*:*:*:*:*:*

← Back to Home