Artica Web Proxy 4.30 - OS Command Injection

Artica Web Proxy 4.30 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform. id: CVE-2020-17505 info: name: Artica Web Proxy 4.30 - OS Command Injection author: dwisiswant0...

CVE-2020-17505

Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform...

CVE-2020-17506

Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php...

VulnCheck KEV: CVE-2020-17506

Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php...

ArticaTech Artica Web Proxy SQL Injection Vulnerability

ArticaTech Artica Proxy is an open source Artica proxy solution from the French company ArticaTech. An SQL injection vulnerability exists in the 'apikey' parameter of the fw.login.php file in Artica Web Proxy version 4.30.00000000. A remote attacker can exploit this vulnerability to bypass...

CVE-2020-17506

Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php...

CVE-2020-17505

Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform...

CVE-2020-17506

Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php...

Sql injection

Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php...

Command injection

Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform...

CVE-2020-17505

Artica Web Proxy 4.30.000000 is affected by CVE-2020-17505. AnAuthenticated attacker can inject commands via the service-cmds parameter in cyrus.php, with the injected commands executed as root through service_cmds_peform, yielding remote code execution. The issue is documented across multiple so...

CVE-2020-17505

Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform...

CVE-2020-17506

CVE-2020-17506 affects Artica Web Proxy 4.30.00000000. The vulnerability is an SQL injection in the apikey parameter of fw.login.php that allows remote attackers to bypass privilege detection and gain web backend administrator privileges. Documents indicate this can lead to authentication bypass ...

CVE-2020-17506

Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php...

PT-2020-5817 · Artica · Artica Web Proxy

Name of the Vulnerable Software and Affected Versions: Artica Web Proxy version 4.30.00000000 Description: The issue is related to a lack of protection against SQL structure manipulation in the fw.login.php component. This can be exploited by a remote attacker to bypass privilege detection and ga...

PT-2020-15027 · Artica · Artica Web Proxy

Name of the Vulnerable Software and Affected Versions: Artica Web Proxy version 4.30.000000 Description: The issue allows an authenticated remote attacker to inject commands via the service-cmds parameter in "cyrus.php". These commands are executed with root privileges through the service cmds...

Artica Web Proxy Cross-site Scripting (CVE-2017-17055)

A cross-site scripting vulnerability exists in Artica Web Proxy. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

CVE-2017-17055

Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting XSS attack involving the username-form-id parameter to freeradius.users.php...

CVE-2017-17055

Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting XSS attack involving the username-form-id parameter to freeradius.users.php...

Cross site scripting

Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting XSS attack involving the username-form-id parameter to freeradius.users.php...