Skip to main content

Artica Proxy

13 CVEs product

Monthly

CVE-2024-2054 CRITICAL POC THREAT Emergency

The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE PHP Artica Proxy
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
81.3%
CVE-2024-2053 HIGH POC THREAT This Week

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Artica Proxy
NVD
CVSS 3.1
7.5
EPSS
44.6%
CVE-2024-2056 Go CRITICAL POC THREAT Act Now

Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Artica Proxy
NVD GitHub
CVSS 3.1
9.8
EPSS
16.7%
CVE-2024-2055 CRITICAL POC Act Now

The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Artica Proxy
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-37153 MEDIUM POC This Month

An issue was discovered in Artica Proxy 4.30.000000. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Artica Proxy
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-15053 MEDIUM POC This Month

An issue was discovered in Artica Proxy CE before 4.28.030.418. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Artica Proxy
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2020-15052 HIGH POC This Week

An issue was discovered in Artica Proxy CE before 4.28.030.418. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Artica Proxy
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-15051 MEDIUM POC This Month

An issue was discovered in Artica Proxy before 4.30.000000. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Artica Proxy
NVD GitHub
CVSS 3.1
6.1
EPSS
2.5%
CVE-2020-13159 CRITICAL POC Act Now

Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Artica Proxy
NVD GitHub
CVSS 3.1
9.8
EPSS
9.3%
CVE-2020-13158 HIGH POC THREAT This Week

Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Artica Proxy
NVD GitHub
CVSS 3.1
7.5
EPSS
53.5%
CVE-2020-10818 HIGH POC This Week

Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Artica Proxy
NVD
CVSS 3.1
7.2
EPSS
2.9%
CVE-2019-7300 HIGH POC This Week

Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Artica Proxy
NVD GitHub
CVSS 3.0
7.2
EPSS
2.8%
CVE-2017-17055 CRITICAL POC Act Now

Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Command Injection Artica Proxy
NVD Exploit-DB
CVSS 3.0
9.0
EPSS
3.6%
EPSS 81% CVSS 9.8
CRITICAL POC THREAT Emergency

The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE PHP +1
NVD Exploit-DB
EPSS 45% CVSS 7.5
HIGH POC THREAT This Week

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Artica Proxy
NVD
EPSS 17% CVSS 9.8
CRITICAL POC THREAT Act Now

Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Artica Proxy
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Artica Proxy
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Artica Proxy 4.30.000000. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Artica Proxy
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Artica Proxy CE before 4.28.030.418. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Artica Proxy
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue was discovered in Artica Proxy CE before 4.28.030.418. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Artica Proxy
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Artica Proxy before 4.30.000000. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Artica Proxy
NVD GitHub
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Artica Proxy
NVD GitHub
EPSS 54% CVSS 7.5
HIGH POC THREAT This Week

Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Artica Proxy
NVD GitHub
EPSS 3% CVSS 7.2
HIGH POC This Week

Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Artica Proxy
NVD
EPSS 3% CVSS 7.2
HIGH POC This Week

Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Artica Proxy
NVD GitHub
EPSS 4% CVSS 9.0
CRITICAL POC Act Now

Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP +2
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy