CVE-2018-19246
CVE-2018-19246 is a vulnerability of currently unknown severity. PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion. EPSS estimates a 22.52% chance of exploitation in the next 30 days.
Description
PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Php-Proxy | Php-Proxy | 5.1.0 |
References
- https://github.com/Athlon1600/php-proxy-app/issues/134 (Exploit, Third Party Advisory)
- https://www.exploit-db.com/exploits/45861/ (Exploit, Third Party Advisory, VDB Entry)
Source: NVD / NIST
