CVE-2020-17506
CRITICAL 9.8
Description
Artica Web Proxy 4.30.00000000 allows a remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.
CVE Details
CVSS v3.1 Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 8/12/2020
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
articatech:web_proxy
Weaknesses (CWE)
CWE-89
References
http://packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.html (cve@mitre.org)
http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html (cve@mitre.org)
https://blog.max0x4141.com/post/artica_proxy/ (cve@mitre.org)
http://packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.html (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html (af854a3a-2127-422b-91ae-364da2661108)
https://blog.max0x4141.com/post/artica_proxy/ (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.