Skip to main content

Php Proxy

4 CVEs product

Monthly

CVE-2018-19785 PHP MEDIUM POC PATCH This Month

PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Proxy
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-19784 PHP HIGH POC This Week

The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Php Proxy
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-19458 PHP HIGH POC THREAT This Week

In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Php Proxy
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
32.9%
CVE-2018-19246 PHP HIGH POC THREAT This Week

PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Php Proxy
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
22.0%
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Proxy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Php Proxy
NVD GitHub
EPSS 33% CVSS 7.5
HIGH POC THREAT This Week

In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Php Proxy
NVD Exploit-DB
EPSS 22% CVSS 7.5
HIGH POC THREAT This Week

PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Php Proxy
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy