athlon1600/php-proxy

Packagist2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting athlon1600/php-proxypage 1 of 1

CVE-2018-19246HIGHCVSS 7.5EG 7.5
2018-11-13
vulnerable: 1.0.0 ... v5.0.5 (8 versions)
PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key val…
CVE-2018-19784HIGHCVSS 7.5EG 7.5
2018-12-01
vulnerable: 1.0.0 ... v5.0.5 (8 versions)
The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion.

Check whether athlon1600/php-proxy is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for athlon1600/php-proxy CVEs against the assets you own.

Start Free Scan →