Security Advisory

CVE-2018-19246

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-11-13 07:00:00

Last updated 2024-08-05 11:30:04

Assigner mitre

State PUBLISHED

Description

PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion.

← Browse all CVEs View on cve.org ↗