CVE-2024-2053

Exploit

EPSS 29.31%
Veröffentlicht 21.03.2024 02:52:27
Zuletzt bearbeitet 17.06.2025 13:57:02
Quelle cve@takeonme.org
CVE-Watchlists
Login
Unerledigt
Login

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Articatech ≫ Artica Proxy Version4.40

Articatech ≫ Artica Proxy Version4.50

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	29.31%	0.964

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-23 Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

http://seclists.org/fulldisclosure/2024/Mar/11

Exploit

Mailing List

https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-2053

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-2053

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-2053

EUVD