Advisories for Composer/Athlon1600/Php-Proxy-App package

The str_rot_pass function in PHP-Proxy uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion.

PHP-Proxy has Cross-Site Scripting (XSS) via the URL field in index.php.

In PHP Proxy, any user can read files from the server without authentication.

PHP-Proxy allows remote attackers to read local files if the default pre-installed version (intended for users who lack shell access to their web server) is used. This occurs because the app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion.