A Command Injection vulnerability in Artica Proxy appliance version 4.50 and 4.40
allows remote attackers to run arbitrary commands via unauthenticated HTTP request.
The Artica Proxy administrative web application will deserialize arbitrary PHP objects
supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.
msf > use exploit/linux/http/artica_proxy_unauth_rce_cve_2024_2054
msf exploit(artica_proxy_unauth_rce_cve_2024_2054) > show targets
...targets...
msf exploit(artica_proxy_unauth_rce_cve_2024_2054) > set TARGET < target-id >
msf exploit(artica_proxy_unauth_rce_cve_2024_2054) > show options
...show and set options...
msf exploit(artica_proxy_unauth_rce_cve_2024_2054) > exploit