vulnrichment AHA VULNRICHMENT:CVE-2024-2053
Mar 05, 2024 - 6:56 p.m.

CVE-2024-2053 Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability

2024-03-05 18:56:10
CWE-23
AHA
github.com

AI Score: 7.9
Confidence: Low

SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the “www-data” user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the “www-data” user.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:articatech:artica_proxy:4.50:*:*:*:*:*:*:*"
    ],
    "vendor": "articatech",
    "product": "artica_proxy",
    "versions": [
      {
        "status": "affected",
        "version": "4.50"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:articatech:artica_proxy:4.40:*:*:*:*:*:*:*"
    ],
    "vendor": "articatech",
    "product": "artica_proxy",
    "versions": [
      {
        "status": "affected",
        "version": "4.40"
      }
    ],
    "defaultStatus": "unknown"
  }
]
