Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by php-proxy
CVE-2018-19784 (GCVE-0-2018-19784)
Vulnerability from cvelistv5 – Published: 2018-12-01 00:00 – Updated: 2024-08-05 11:44
VLAI
Summary
The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/eddietcc/CVE-Bins/blob/master/… | x_refsource_MISC |
| https://github.com/Athlon1600/php-proxy-app/issues/139 | x_refsource_MISC |
Date Public
2018-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:20.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eddietcc/CVE-Bins/blob/master/PHP-Proxy/readme.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Athlon1600/php-proxy-app/issues/139"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-30T23:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eddietcc/CVE-Bins/blob/master/PHP-Proxy/readme.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Athlon1600/php-proxy-app/issues/139"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eddietcc/CVE-Bins/blob/master/PHP-Proxy/readme.md",
"refsource": "MISC",
"url": "https://github.com/eddietcc/CVE-Bins/blob/master/PHP-Proxy/readme.md"
},
{
"name": "https://github.com/Athlon1600/php-proxy-app/issues/139",
"refsource": "MISC",
"url": "https://github.com/Athlon1600/php-proxy-app/issues/139"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19784",
"datePublished": "2018-12-01T00:00:00.000Z",
"dateReserved": "2018-11-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:44:20.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19785 (GCVE-0-2018-19785)
Vulnerability from cvelistv5 – Published: 2018-12-01 00:00 – Updated: 2024-08-05 11:44
VLAI
Summary
PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/eddietcc/CVEnotes/blob/master/… | x_refsource_MISC |
| https://github.com/Athlon1600/php-proxy-app/issues/140 | x_refsource_MISC |
Date Public
2018-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:20.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eddietcc/CVEnotes/blob/master/PHP-Proxy/RADME.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Athlon1600/php-proxy-app/issues/140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-30T23:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eddietcc/CVEnotes/blob/master/PHP-Proxy/RADME.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Athlon1600/php-proxy-app/issues/140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eddietcc/CVEnotes/blob/master/PHP-Proxy/RADME.md",
"refsource": "MISC",
"url": "https://github.com/eddietcc/CVEnotes/blob/master/PHP-Proxy/RADME.md"
},
{
"name": "https://github.com/Athlon1600/php-proxy-app/issues/140",
"refsource": "MISC",
"url": "https://github.com/Athlon1600/php-proxy-app/issues/140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19785",
"datePublished": "2018-12-01T00:00:00.000Z",
"dateReserved": "2018-11-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:44:20.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19458 (GCVE-0-2018-19458)
Vulnerability from cvelistv5 – Published: 2018-11-22 20:00 – Updated: 2024-09-16 18:03
VLAI
Summary
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://pentest.com.tr/exploits/PHP-Proxy-3-0-3-L… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/45780/ | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:37:11.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pentest.com.tr/exploits/PHP-Proxy-3-0-3-Local-File-Inclusion.html"
},
{
"name": "45780",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45780/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-22T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pentest.com.tr/exploits/PHP-Proxy-3-0-3-Local-File-Inclusion.html"
},
{
"name": "45780",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45780/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pentest.com.tr/exploits/PHP-Proxy-3-0-3-Local-File-Inclusion.html",
"refsource": "MISC",
"url": "https://pentest.com.tr/exploits/PHP-Proxy-3-0-3-Local-File-Inclusion.html"
},
{
"name": "45780",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45780/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19458",
"datePublished": "2018-11-22T20:00:00.000Z",
"dateReserved": "2018-11-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:03:53.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19246 (GCVE-0-2018-19246)
Vulnerability from cvelistv5 – Published: 2018-11-13 07:00 – Updated: 2024-08-05 11:30
VLAI
Summary
PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45861/ | exploitx_refsource_EXPLOIT-DB |
| https://github.com/Athlon1600/php-proxy-app/issues/134 | x_refsource_MISC |
Date Public
2018-11-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45861",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45861/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Athlon1600/php-proxy-app/issues/134"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP-Proxy 5.1.0 allows remote attackers to read local files if the default \"pre-installed version\" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-17T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45861",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45861/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Athlon1600/php-proxy-app/issues/134"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP-Proxy 5.1.0 allows remote attackers to read local files if the default \"pre-installed version\" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45861",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45861/"
},
{
"name": "https://github.com/Athlon1600/php-proxy-app/issues/134",
"refsource": "MISC",
"url": "https://github.com/Athlon1600/php-proxy-app/issues/134"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19246",
"datePublished": "2018-11-13T07:00:00.000Z",
"dateReserved": "2018-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:30:04.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19784 (GCVE-0-2018-19784)
Vulnerability from nvd – Published: 2018-12-01 00:00 – Updated: 2024-08-05 11:44
VLAI
Summary
The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/eddietcc/CVE-Bins/blob/master/… | x_refsource_MISC |
| https://github.com/Athlon1600/php-proxy-app/issues/139 | x_refsource_MISC |
Date Public
2018-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:20.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eddietcc/CVE-Bins/blob/master/PHP-Proxy/readme.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Athlon1600/php-proxy-app/issues/139"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-30T23:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eddietcc/CVE-Bins/blob/master/PHP-Proxy/readme.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Athlon1600/php-proxy-app/issues/139"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eddietcc/CVE-Bins/blob/master/PHP-Proxy/readme.md",
"refsource": "MISC",
"url": "https://github.com/eddietcc/CVE-Bins/blob/master/PHP-Proxy/readme.md"
},
{
"name": "https://github.com/Athlon1600/php-proxy-app/issues/139",
"refsource": "MISC",
"url": "https://github.com/Athlon1600/php-proxy-app/issues/139"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19784",
"datePublished": "2018-12-01T00:00:00.000Z",
"dateReserved": "2018-11-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:44:20.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19785 (GCVE-0-2018-19785)
Vulnerability from nvd – Published: 2018-12-01 00:00 – Updated: 2024-08-05 11:44
VLAI
Summary
PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/eddietcc/CVEnotes/blob/master/… | x_refsource_MISC |
| https://github.com/Athlon1600/php-proxy-app/issues/140 | x_refsource_MISC |
Date Public
2018-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:20.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eddietcc/CVEnotes/blob/master/PHP-Proxy/RADME.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Athlon1600/php-proxy-app/issues/140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-30T23:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eddietcc/CVEnotes/blob/master/PHP-Proxy/RADME.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Athlon1600/php-proxy-app/issues/140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eddietcc/CVEnotes/blob/master/PHP-Proxy/RADME.md",
"refsource": "MISC",
"url": "https://github.com/eddietcc/CVEnotes/blob/master/PHP-Proxy/RADME.md"
},
{
"name": "https://github.com/Athlon1600/php-proxy-app/issues/140",
"refsource": "MISC",
"url": "https://github.com/Athlon1600/php-proxy-app/issues/140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19785",
"datePublished": "2018-12-01T00:00:00.000Z",
"dateReserved": "2018-11-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:44:20.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19458 (GCVE-0-2018-19458)
Vulnerability from nvd – Published: 2018-11-22 20:00 – Updated: 2024-09-16 18:03
VLAI
Summary
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://pentest.com.tr/exploits/PHP-Proxy-3-0-3-L… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/45780/ | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:37:11.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pentest.com.tr/exploits/PHP-Proxy-3-0-3-Local-File-Inclusion.html"
},
{
"name": "45780",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45780/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-22T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pentest.com.tr/exploits/PHP-Proxy-3-0-3-Local-File-Inclusion.html"
},
{
"name": "45780",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45780/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pentest.com.tr/exploits/PHP-Proxy-3-0-3-Local-File-Inclusion.html",
"refsource": "MISC",
"url": "https://pentest.com.tr/exploits/PHP-Proxy-3-0-3-Local-File-Inclusion.html"
},
{
"name": "45780",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45780/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19458",
"datePublished": "2018-11-22T20:00:00.000Z",
"dateReserved": "2018-11-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:03:53.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19246 (GCVE-0-2018-19246)
Vulnerability from nvd – Published: 2018-11-13 07:00 – Updated: 2024-08-05 11:30
VLAI
Summary
PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45861/ | exploitx_refsource_EXPLOIT-DB |
| https://github.com/Athlon1600/php-proxy-app/issues/134 | x_refsource_MISC |
Date Public
2018-11-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45861",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45861/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Athlon1600/php-proxy-app/issues/134"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP-Proxy 5.1.0 allows remote attackers to read local files if the default \"pre-installed version\" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-17T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45861",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45861/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Athlon1600/php-proxy-app/issues/134"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP-Proxy 5.1.0 allows remote attackers to read local files if the default \"pre-installed version\" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45861",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45861/"
},
{
"name": "https://github.com/Athlon1600/php-proxy-app/issues/134",
"refsource": "MISC",
"url": "https://github.com/Athlon1600/php-proxy-app/issues/134"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19246",
"datePublished": "2018-11-13T07:00:00.000Z",
"dateReserved": "2018-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:30:04.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}