← Zuruck zu CVEs
CVE-2020-17506
CRITICAL9.8
Beschreibung
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht8/12/2020
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
articatech:web_proxy
Schwachen (CWE)
CWE-89
Referenzen
http://packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.html(cve@mitre.org)
http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html(cve@mitre.org)
https://blog.max0x4141.com/post/artica_proxy/(cve@mitre.org)
http://packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html(af854a3a-2127-422b-91ae-364da2661108)
https://blog.max0x4141.com/post/artica_proxy/(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.