cbcvebase.
CVE-2018-19458
published 2018-11-22

CVE-2018-19458: In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than…

PriorityP264high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
32.88%
98.1th percentile
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.

Affected

2 ranges
VendorProductVersion rangeFixed in
athlon1600php-proxy-app0 – 3.0
php-proxyphp-proxy

Detection & IOCsextracted from sources · hover to see the quote

url/index.php?q=file:///etc/passwd
path/index.php?q=file:///
  • HTTP 200 responses to requests matching /index.php?q=file:/// that contain passwd-file patterns (e.g., root:.*:0:0:) confirm successful LFI exploitation.
  • ·This is a distinct vulnerability from CVE-2018-19246, which also affects PHP Proxy 3.0.3. Detection rules should account for both CVEs separately to avoid conflation.

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
ghsa7.5HIGH
osv7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.