CVE-2018-19246
published 2018-11-13CVE-2018-19246: PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web…
PriorityP261high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
21.95%
97.4th percentile
PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| athlon1600 | php-proxy | 0 – 5.1.0 | — |
| athlon1600 | php-proxy-app | 0 – 3.0 | — |
| php-proxy | php-proxy | — | — |
| php-proxy | php-proxy | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect LFI attempts against PHP-Proxy by monitoring GET requests to index.php with the 'q' parameter containing a file:/// URI scheme or an encrypted string resolving to local file paths. ↗
- →A successful exploitation response will contain the contents of /etc/passwd; match on the regex pattern 'root:.*:0:0:' in the HTTP response body. ↗
- ·CVE-2018-19246 (PHP-Proxy 5.1.0, encrypted q parameter) is a distinct vulnerability from CVE-2018-19458 (PHP-Proxy 3.0.3, plaintext file:/// URI in q parameter). Detection rules should account for both attack patterns if both versions may be present. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
ghsa7.5HIGH
osv7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
LFI in PHP-Proxy 5.1.0
ghsa·2022-05-14
CVE-2018-19246 [HIGH] CWE-200 LFI in PHP-Proxy 5.1.0
LFI in PHP-Proxy 5.1.0
PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the `aeb067ca0aa9a3193dce3a7264c90187` app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion.
GHSA
Unauthenticated File Read in PHP Proxy
ghsa·2022-05-14·CVSS 7.5
CVE-2018-19458 [HIGH] CWE-287 Unauthenticated File Read in PHP Proxy
Unauthenticated File Read in PHP Proxy
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an `index.php?q=file:///` LFI URI, a different vulnerability than CVE-2018-19246.
OSV
Unauthenticated File Read in PHP Proxy
osv·2022-05-14·CVSS 7.5
CVE-2018-19458 [HIGH] Unauthenticated File Read in PHP Proxy
Unauthenticated File Read in PHP Proxy
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an `index.php?q=file:///` LFI URI, a different vulnerability than CVE-2018-19246.
OSV
LFI in PHP-Proxy 5.1.0
osv·2022-05-14
CVE-2018-19246 [HIGH] LFI in PHP-Proxy 5.1.0
LFI in PHP-Proxy 5.1.0
PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the `aeb067ca0aa9a3193dce3a7264c90187` app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion.
No detection rules found.
Exploit-DB
PHP-Proxy 5.1.0 - Local File Inclusion
exploitdb·2018-11-15·CVSS 7.5
CVE-2018-19246 [HIGH] PHP-Proxy 5.1.0 - Local File Inclusion
PHP-Proxy 5.1.0 - Local File Inclusion
---
# Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion
# Date: 2018-11-13
# Exploit Author: Ameer Pornillos
# Contact: https://ethicalhackers.club
# Vendor Homepage: https://www.php-proxy.com/
# Software Link: https://www.php-proxy.com/download/php-proxy.zip
# Version: 5.1.0
# Category: Webapps
# Tested on: XAMPP on Win10_x64
# Description: Downloadable pre-installed version of PHP-Proxy 5.1.0
# make use of a default app_key wherein can be used for local file inclusion
# attacks. This can be used to generate encrypted string which
# can gain access to arbitrary local files in the server.
# http://php-proxy-site/index.php?q=[encrypted_string_value]
# CVE: CVE-2018-19246
# POC:
# 1)
# Generate encrypted string value using the PHP script below
#
Nuclei
PHP Proxy 3.0.3 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2018-19458 [HIGH] PHP Proxy 3.0.3 - Local File Inclusion
PHP Proxy 3.0.3 - Local File Inclusion
PHP Proxy 3.0.3 is susceptible to local file inclusion vulnerabilities that allow unauthenticated users to read files from the server via index.php?q=file:/// (a different vulnerability than CVE-2018-19246).
Template:
id: CVE-2018-19458
info:
name: PHP Proxy 3.0.3 - Local File Inclusion
author: daffainfo
severity: high
description: |
PHP Proxy 3.0.3 is susceptible to local file inclusion vulnerabilities that allow unauthenticated users to read files from the server via index.php?q=file:/// (a different vulnerability than CVE-2018-19246).
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, and potential compromise of the affected system.
remediation: |
Upgrade PHP
No writeups or analysis indexed.
2018-11-13
Published