RSS   Podatności dla 'Php-proxy'   RSS

2018-11-30
 
CVE-2018-19785

CWE-79
 

 
PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php.

 
 
CVE-2018-19784

CWE-326
 

 
The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion.

 
2018-11-22
 
CVE-2018-19458

CWE-287
 

 
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.

 
2018-11-13
 
CVE-2018-19246

CWE-200
 

 
PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion.

 


Copyright 2024, cxsecurity.com

 

Back to Top