The vulnerability of the fw.login.php component of the Artica Web Proxy management system allows a hacker to execute arbitrary code with root privileges.

🗓️ 01 Apr 2021 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Fw.login.php flaw in Artica Web Proxy allows remote root code execution via insecure sql handling.

Reporter	Title	Published	Views	Family All 18
0day.today	Artica Proxy 4.3.0 - Authentication Bypass Exploit	13 Aug 202000:00	–	zdt
0day.today	Artica Proxy 4.30.000000 Authentication Bypass / Command Injection Exploit	22 Sep 202000:00	–	zdt
Circl	CVE-2020-17506	21 Sep 202020:38	–	circl
CNVD	ArticaTech Artica Web Proxy SQL Injection Vulnerability	20 Aug 202000:00	–	cnvd
Check Point Advisories	SQL Injection Over HTTP Traffic (CVE-2020-11530; CVE-2020-17463; CVE-2020-17506; CVE-2020-25990; CVE-2020-27481; CVE-2020-5766; CVE-2020-8655; CVE-2020-8656; CVE-2020-9465)	18 Nov 202000:00	–	checkpoint_advisories
CVE	CVE-2020-17506	12 Aug 202016:33	–	cve
Cvelist	CVE-2020-17506	12 Aug 202016:33	–	cvelist
Exploit DB	Artica Proxy 4.3.0 - Authentication Bypass	13 Aug 202000:00	–	exploitdb
Metasploit	Artica proxy 4.30.000000 Auth Bypass service-cmds-peform Command Injection	22 Sep 202017:41	–	metasploit
Nuclei	Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection	16 Jun 202607:13	–	nuclei

Vulners

Node

artica_proxy artica_web_proxyMatch4.30.00000000

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.html
packetstormsecurity	www.packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html
exploit-db	www.exploit-db.com/exploits/48744
web	www.web.nvd.nist.gov/view/vuln/detail

01 Apr 2021 00:00Current

8.4High risk

Vulners AI Score8.4

CVSS 39.8

CVSS 210

EPSS0.93967

database query vulnerability remote code execution root privileges web proxy login artica web proxy