S4E

CVE-2018-19458 Scanner

Detects 'Local File Inclusion (LFI)' vulnerability in PHP Proxy affects v. 3.0.3.

Short Info


Level

High

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

1 month 3 days

Scan only one

URL

Toolbox

-

PHP Proxy is a software product designed to work as a proxy server for PHP applications. The purpose of PHP Proxy is to allow users to bypass existing firewalls and access PHP applications that are usually blocked by default. This software also provides a secure connection to the application server, protecting users' data and privacy.

The CVE-2018-19458 vulnerability was detected in PHP Proxy version 3.0.3. This vulnerability is due to an LFI URI, which allows any user to read files from the server without authentication. This is a different vulnerability from CVE-2018-19246, which has already been resolved. The vulnerability code for CVE-2018-19458 is index.php?q=file:///.

When this vulnerability is exploited, attackers can access sensitive files and data from the server, including configuration files, usernames, and passwords. Attackers can use this information to escalate their attack and gain control of the server or other connected devices. This can result in a complete compromise of the system, leading to a loss of data and resources, as well as reputational damage.

At s4e.io, we offer pro features that allow users to quickly and easily identify vulnerabilities in their digital assets. Our platform provides comprehensive scanning and detection capabilities, as well as expert guidance and support to help users protect their assets against emerging threats. With our advanced tools and technologies, you can stay ahead of the curve and safeguard your digital assets against vulnerabilities like CVE-2018-19458.

 

REFERENCES

Get started to protecting your Free Full Security Scan