Athlon1600 Php-Proxy vulnerabilities
2 known vulnerabilities affecting athlon1600/php-proxy.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2018-19246P2HIGHPoC≥ 0, ≤ 5.1.02022-05-14
CVE-2018-19246 [HIGH] CWE-200 LFI in PHP-Proxy 5.1.0
LFI in PHP-Proxy 5.1.0
PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the `aeb067ca0aa9a3193dce3a7264c90187` app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion.
ghsaosv
CVE-2018-19784P3HIGH≥ 0, ≤ 5.1.02022-05-13
CVE-2018-19784 [HIGH] CWE-326 Weak Cryptography in PHP-Proxy
Weak Cryptography in PHP-Proxy
The [str_rot_pass](https://github.com/Athlon1600/php-proxy/blob/9cc42804ddafa079b86b947e4dd83852edddffca/src/helpers.php#L66) function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion.
ghsaosv