Athlon1600/php-proxy-app

Athlon1600/php-proxy-app

www.php-proxy.com

Releases4

Frequency3 years 8 months

Last Release 10 days ago

Stars861

Web Proxy Application built on php-proxy library ready to be installed on your server

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-19784 ↗	Dec 1, 2018Saturday, 1 December 2018, 00:29	—	5 MEDIUM
The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion.
CVE-2018-19785 ↗	Dec 1, 2018Saturday, 1 December 2018, 00:29	—	4.3 MEDIUM
PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php.
CVE-2018-19246 ↗	Nov 13, 2018Tuesday, 13 November 2018, 09:29	—	5 MEDIUM
PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion.