CVE-2018-19458 Scanner
Detects 'Local File Inclusion (LFI)' vulnerability in PHP Proxy affects v. 3.0.3.
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 3 days
Scan only one
URL
Toolbox
-
PHP Proxy is a software product designed to work as a proxy server for PHP applications. The purpose of PHP Proxy is to allow users to bypass existing firewalls and access PHP applications that are usually blocked by default. This software also provides a secure connection to the application server, protecting users' data and privacy.
The CVE-2018-19458 vulnerability was detected in PHP Proxy version 3.0.3. This vulnerability is due to an LFI URI, which allows any user to read files from the server without authentication. This is a different vulnerability from CVE-2018-19246, which has already been resolved. The vulnerability code for CVE-2018-19458 is index.php?q=file:///.
When this vulnerability is exploited, attackers can access sensitive files and data from the server, including configuration files, usernames, and passwords. Attackers can use this information to escalate their attack and gain control of the server or other connected devices. This can result in a complete compromise of the system, leading to a loss of data and resources, as well as reputational damage.
At s4e.io, we offer pro features that allow users to quickly and easily identify vulnerabilities in their digital assets. Our platform provides comprehensive scanning and detection capabilities, as well as expert guidance and support to help users protect their assets against emerging threats. With our advanced tools and technologies, you can stay ahead of the curve and safeguard your digital assets against vulnerabilities like CVE-2018-19458.
REFERENCES