PHP Advanced Transfer Manager Remote Unauthorized Access Vulnerability

An exploit is not required.

A GET request in the following manner can be used to exploit this issue:
http://www.example.com/phpATM/users/<username>


 

Privacy Statement
Copyright 2010, SecurityFocus