In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
{
"cwe_ids": [
"CWE-287"
],
"severity": "HIGH",
"github_reviewed_at": "2023-07-07T17:22:21Z",
"github_reviewed": true,
"nvd_published_at": "2018-11-22T20:29:00Z"
}