module
Artica Proxy Unauthenticated PHP Deserialization Vulnerability
| Disclosed |
|---|
| Mar 5, 2024 |
Disclosed
Mar 5, 2024
Description
A Command Injection vulnerability in Artica Proxy appliance version 4.50 and 4.40
allows remote attackers to run arbitrary commands via unauthenticated HTTP request.
The Artica Proxy administrative web application will deserialize arbitrary PHP objects
supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.
allows remote attackers to run arbitrary commands via unauthenticated HTTP request.
The Artica Proxy administrative web application will deserialize arbitrary PHP objects
supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.