Lucene search
HistoryMar 21, 2024 - 2:52 a.m.
CVE-2024-2053
cve-2024-2053
deserialization
php
code execution
arbitrary file requests
local file inclusion
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the βwww-dataβ user. This issue was demonstrated on version 4.50 of theΒ The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the βwww-dataβ user.
Related
zdt
zdt
Artica Proxy 4.40 / 4.50 Local File Inclusion / Traversal Vulnerability
2024-03-06 00:00:00
korelogic
korelogic
Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
2024-03-05 00:00:00
packetstorm
packetstorm
Artica Proxy 4.40 / 4.50 Local File Inclusion / Traversal
2024-03-06 00:00:00
prion
prion
Design/Logic Flaw
2024-03-14 22:47:31
cve
cve
CVE-2024-2053
2024-03-21 02:52:27
cvelist
cvelist