Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00d2dmLTl4NXItcDkzOM4AASx6
Weak Cryptography in PHP-Proxy
The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion.
Permalink: https://github.com/advisories/GHSA-4wgf-9x5r-p938JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00d2dmLTl4NXItcDkzOM4AASx6
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: 10 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-4wgf-9x5r-p938, CVE-2018-19784
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-19784
- https://github.com/Athlon1600/php-proxy-app/issues/139
- https://github.com/0xUhaw/CVE-Bins/tree/master/PHP-Proxy
- https://github.com/advisories/GHSA-4wgf-9x5r-p938
Blast Radius: 11.3
Affected Packages
packagist:athlon1600/php-proxy
Dependent packages: 5Dependent repositories: 32
Downloads: 93,791 total
Affected Version Ranges: <= 5.1.0
No known fixed version
All affected versions: 1.0.0, 3.0.0, 4.0.2, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5