CVE-2018-19458
published 2018-11-22CVE-2018-19458: In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than…
PriorityP264high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
32.88%
98.1th percentile
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| athlon1600 | php-proxy-app | 0 – 3.0 | — |
| php-proxy | php-proxy | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →HTTP 200 responses to requests matching /index.php?q=file:/// that contain passwd-file patterns (e.g., root:.*:0:0:) confirm successful LFI exploitation. ↗
- ·This is a distinct vulnerability from CVE-2018-19246, which also affects PHP Proxy 3.0.3. Detection rules should account for both CVEs separately to avoid conflation. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
ghsa7.5HIGH
osv7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Unauthenticated File Read in PHP Proxy
ghsa·2022-05-14·CVSS 7.5
CVE-2018-19458 [HIGH] CWE-287 Unauthenticated File Read in PHP Proxy
Unauthenticated File Read in PHP Proxy
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an `index.php?q=file:///` LFI URI, a different vulnerability than CVE-2018-19246.
OSV
Unauthenticated File Read in PHP Proxy
osv·2022-05-14·CVSS 7.5
CVE-2018-19458 [HIGH] Unauthenticated File Read in PHP Proxy
Unauthenticated File Read in PHP Proxy
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an `index.php?q=file:///` LFI URI, a different vulnerability than CVE-2018-19246.
No detection rules found.
Exploit-DB
PHP Proxy 3.0.3 - Local File Inclusion
exploitdb·2018-11-05
CVE-2018-19458 PHP Proxy 3.0.3 - Local File Inclusion
PHP Proxy 3.0.3 - Local File Inclusion
---
# Exploit Title: PHP-Proxy 3.0.3 - Local File Inclusion
# Date: 04.11.2018
# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
# Contact: https://pentest.com.tr
# Vendor Homepage: https://www.php-proxy.com/
# Software Link: https://github.com/Athlon1600/php-proxy-app
# Version: v3.0.3
# Category: Webapps
# Tested on: XAMPP for Linux
# Description: Any user can read files from the server
# without authentication due to an existing LFI in the following path:
# http://target/index.php?q=file:///[FilePath]
# PoC
#!/usr/bin/python
import urllib2, httplib, sys
print "\n[*] PHP-Proxy 3.0.3 LFI PoC By AkkuS"
print "[*] My Blog - https://www.pentest.com.tr\n"
print "[+] usage: python " + __file__ + " http://"
if (len(sys.argv) != 2):
print "[*] Usage: poc.
Nuclei
PHP Proxy 3.0.3 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2018-19458 [HIGH] PHP Proxy 3.0.3 - Local File Inclusion
PHP Proxy 3.0.3 - Local File Inclusion
PHP Proxy 3.0.3 is susceptible to local file inclusion vulnerabilities that allow unauthenticated users to read files from the server via index.php?q=file:/// (a different vulnerability than CVE-2018-19246).
Template:
id: CVE-2018-19458
info:
name: PHP Proxy 3.0.3 - Local File Inclusion
author: daffainfo
severity: high
description: |
PHP Proxy 3.0.3 is susceptible to local file inclusion vulnerabilities that allow unauthenticated users to read files from the server via index.php?q=file:/// (a different vulnerability than CVE-2018-19246).
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, and potential compromise of the affected system.
remediation: |
Upgrade PHP
2018-11-22
Published