cbcvebase.

Articatech Artica Proxy vulnerabilities

14 known vulnerabilities affecting articatech/artica_proxy.

Total CVEs
14
CISA KEV
0
Public exploits
5
Exploited in wild
3
Severity breakdown
CRITICAL6HIGH5MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2020-13158P1HIGHCVSS 7.5ExploitedPoCfixed in 4.30.0000002020-06-22
CVE-2020-13158 [HIGH] CWE-22 CVE-2020-13158: Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.deta Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter.
nvd
CVE-2024-2053P1HIGHCVSS 7.5ExploitedPoCv4.40.000000v4.50.0000002024-03-21
CVE-2024-2053 [HIGH] CWE-23 CVE-2024-2053: The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by u The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypass
nvd
CVE-2022-37153P1MEDIUMCVSS 6.1ExploitedPoCv4.30.0000002022-08-24
CVE-2022-37153 [MEDIUM] CWE-79 CVE-2022-37153: An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password p An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php.
nvd
CVE-2024-2054P1CRITICALCVSS 9.8PoCv4.50.0000002024-03-21
CVE-2024-2054 [CRITICAL] CWE-502 CVE-2024-2054: The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by u The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.
nvd
CVE-2017-17055P3CRITICALCVSS 9.0PoCfixed in 3.06.1129112017-12-07
CVE-2017-17055 [CRITICAL] CWE-78 CVE-2017-17055: Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by con Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php.
nvd
CVE-2024-2056P2CRITICALCVSS 9.8v4.50.0000002024-03-05
CVE-2024-2056 [CRITICAL] CWE-288 CVE-2024-2056: Services that are running and bound to the loopback interface on the Artica Proxy are accessible thr Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at gv
nvd
CVE-2021-41739P2CRITICALCVSS 9.8v4.30.0000002022-05-05
CVE-2021-41739 [CRITICAL] CWE-78 CVE-2021-41739: A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execu A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp.
nvd
CVE-2024-2055P2CRITICALCVSS 9.8v4.40.000000v4.50.0000002024-03-05
CVE-2024-2055 [CRITICAL] CWE-288 CVE-2024-2055: The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management ca The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user.
nvd
CVE-2020-13159P2CRITICALCVSS 9.8fixed in 4.30.0000002020-06-22
CVE-2020-13159 [CRITICAL] CVE-2020-13159: Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818.
nvd
CVE-2019-7300P3HIGHCVSS 7.2v3.06.2000562019-02-01
CVE-2019-7300 [HIGH] CWE-522 CVE-2019-7300: Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading th Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field.
nvd
CVE-2020-15052P3HIGHCVSS 7.5fixed in 4.28.030.4182020-07-20
CVE-2020-15052 [HIGH] CWE-89 CVE-2020-15052: An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields.
nvd
CVE-2020-10818P3HIGHCVSS 7.2v4.262020-03-22
CVE-2020-10818 [HIGH] CWE-78 CVE-2020-10818: Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field.
nvd
CVE-2020-15051P4MEDIUMCVSS 6.1fixed in 4.30.0000002020-07-15
CVE-2020-15051 [MEDIUM] CWE-79 CVE-2020-15051: An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields.
nvd
CVE-2020-15053P4MEDIUMCVSS 6.1fixed in 4.28.030.4182020-07-20
CVE-2020-15053 [MEDIUM] CWE-79 CVE-2020-15053: An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these searc An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects.
nvd
Articatech Artica Proxy vulnerabilities | cvebase