Packagist (Composer) package
athlon1600/php-proxy-app
pkg:composer/athlon1600/php-proxy-app
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-19785 | — | < 3.0 | 3.0 | Dec 1, 2018 | PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php. | ||
| CVE-2018-19458 | — | <= 3.0 | — | Nov 22, 2018 | In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246. |
- CVE-2018-19785Dec 1, 2018affected < 3.0fixed 3.0
PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php.
- CVE-2018-19458Nov 22, 2018affected <= 3.0
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.