PT-2018-14891 · Php · Php-Proxy

Ameer Pornillos · Published 2018-11-13 · Updated 2022-05-14 · CVE-2018-19246

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PHP-Proxy version 5.1.0

Description

The issue allows remote attackers to read local files if the default "pre-installed version" is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion.

Recommendations

For PHP-Proxy version 5.1.0, consider changing the default app key value in the config.php file to prevent unauthorized access. As a temporary workaround, restrict access to sensitive local files until a more permanent solution is implemented.
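
The following check for the recommendation above is an added example, not code from the advisory or from the PHP-Proxy project: it finds config.php files that still carry the default app key quoted in the description and replaces it with a random one. It assumes the key is assigned as `$config['app_key'] = '...';`; the function names and the sample input are constructed for illustration.

```python
import re
import secrets
from pathlib import Path

# Default app key quoted in the advisory for the pre-installed PHP-Proxy 5.1.0.
DEFAULT_APP_KEY = "aeb067ca0aa9a3193dce3a7264c90187"

# Assumed assignment form: $config['app_key'] = '...';  Lines starting with
# // or # do not match; /* ... */ block comments are not parsed.
APP_KEY_RE = re.compile(
    r"""^([ \t]*\$config\[\s*['"]app_key['"]\s*\]\s*=\s*)(['"])([^'"]*)\2(\s*;)""",
    re.M,
)

# Constructed sample input, not copied from a real deployment.
SAMPLE_CONFIG = (
    "<?php\n"
    "$config = array();\n"
    "// $config['app_key'] = 'commented-out';\n"
    "$config['app_key'] = 'aeb067ca0aa9a3193dce3a7264c90187';\n"
)

def classify_app_key(php_source):
    """Return 'missing', 'default', 'empty' or 'custom' for a config.php body."""
    values = [m.group(3) for m in APP_KEY_RE.finditer(php_source)]
    if not values:
        return "missing"
    key = values[-1]  # the last assignment is the one PHP ends up with
    if key == DEFAULT_APP_KEY:
        return "default"
    return "custom" if key else "empty"

def audit_tree(root):
    """Classify every config.php found under root (e.g. a web root)."""
    return {
        str(p): classify_app_key(p.read_text(encoding="utf-8", errors="replace"))
        for p in Path(root).rglob("config.php")
    }

def rotate_app_key(php_source):
    """Return (new_source, new_key) with each app_key set to a fresh random key."""
    new_key = secrets.token_hex(16)  # 128 bits, same length as the default key
    new_source = APP_KEY_RE.sub(
        lambda m: f"{m.group(1)}'{new_key}'{m.group(4)}", php_source
    )
    return new_source, new_key

if __name__ == "__main__":
    print(classify_app_key(SAMPLE_CONFIG))
    print(classify_app_key(rotate_app_key(SAMPLE_CONFIG)[0]))
```

Any file reported as `default` or `empty` should be rotated before the instance is reachable from untrusted networks.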

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2018-19246
GHSA-PC5H-M95G-V6RH

Affected Products

Php-Proxy