Lucene search
AHACVELIST:CVE-2024-2053HistoryMar 05, 2024 - 6:56 p.m.
CVE-2024-2053 Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
2024-03-0518:56:10
CWE-23
AHA
www.cve.org
cve-2024-2053
artica proxy
unauthenticated users
lfi
protection bypass
code execution
www-data user
arbitrary file requests
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the βwww-dataβ user. This issue was demonstrated on version 4.50 of theΒ The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the βwww-dataβ user.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Artica Proxy",
"vendor": "Artica Tech",
"versions": [
{
"status": "affected",
"version": "4.50"
},
{
"status": "affected",
"version": "4.40"
}
]
}
]Related
zdt
zdt
Artica Proxy 4.40 / 4.50 Local File Inclusion / Traversal Vulnerability
2024-03-06 00:00:00
korelogic
korelogic
Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
2024-03-05 00:00:00
packetstorm
packetstorm
Artica Proxy 4.40 / 4.50 Local File Inclusion / Traversal
2024-03-06 00:00:00
prion
prion
Design/Logic Flaw
2024-03-14 22:47:31
cve
cve
CVE-2024-2053
2024-03-21 02:52:27
nvd
nvd
CVE-2024-2053
2024-03-21 02:52:27