CVE-2024-2053

Sažetak

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user.

Reference

http://seclists.org/fulldisclosure/2024/Mar/11
https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt
http://seclists.org/fulldisclosure/2024/Mar/11
https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt

CVSS

Base:	7.5
Impact:	3.6
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

12-01-2026 - 15:48

Objavljeno

21-03-2024 - 02:52