Published: 12/08/2020 Updated: 21/11/2022

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Artica Web Proxy 4.30.00000000 allows remote malicious user to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
articatech web proxy 4.30.000000

Artica Proxy version 430 suffers from an authentication bypass vulnerability ...

This Metasploit module exploits an authenticated command injection vulnerability in Artica Proxy, combined with an authentication bypass discovered on the same version, it is possible to trigger the vulnerability without knowing the credentials The application runs in a virtual appliance and successful exploitation of this vulnerability yields rem ...

Repo for different PoC's I've created

Proof-of-Concepts This repository is for different proof of concepts that have been created Table of Contents CVE-2020-17506 - Artica Proxy 430 Auth Bypass & RCE CVE-2020-1082 - OpenSIS Local File Inclusion

CWE-89 https://blog.max0x4141.com/post/artica_proxy/http://packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.html http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html https://nvd.nist.gov https://github.com/hangmansROP/proof-of-concepts https://packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.html

CVE-2020-17506

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect