Php-Proxy: >> Php-Proxy Security Vulnerabilities
The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-12-01
PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-01
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
CVSS Score
7.5
EPSS Score
0.8
Published
2018-11-22
PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion.
CVSS Score
7.5
EPSS Score
0.469
Published
2018-11-13