PHP-Proxy allows remote attackers to read local files if the default pre-installed version
(intended for users who lack shell access to their web server) is used. This occurs because the app_key
value from the default config.php
is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion.
CPE | Name | Operator | Version |
---|---|---|---|
packagist/athlon1600/php-proxy-app | eq | 5.1.0 |