admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-2053.md
0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33
2024-06-09 00:33:16 +00:00

21 lines
1.2 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

### [CVE-2024-2053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2053)
![](https://img.shields.io/static/v1?label=Product&message=Artica%20Proxy&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%204.50%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-23%20Relative%20Path%20Traversal&color=brighgreen)
### Description
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user.
### POC
#### Reference
- http://seclists.org/fulldisclosure/2024/Mar/11
- http://seclists.org/fulldisclosure/2024/Mar/11
- https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt
- https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt
#### Github
No PoCs found on GitHub currently.
Reference in New Issue View Git Blame Copy Permalink