PHProxy Server-Side Request Forgery Vulnerability

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in PHProxy versions through 1.1.1. The issue arises in the URL processing functionality, where the input validation for the _proxurl parameter can be bypassed. This vulnerability allows remote, unauthenticated attackers to submit specially crafted URLs, potentially leading to information disclosure or bypassing server-side network controls.

Impact

Exploitation of this vulnerability could result in unauthorized server-side requests, potentially allowing attackers to access internal resources or services that are not normally exposed to the public.

Added: Jul 21, 2025, 11:47 PM

Updated: Jul 21, 2025, 11:47 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

8.7

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

8.7

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PHProxy Server-Side Request Forgery Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating