CVE-2024-2054

Related Files

Artica Proxy Unauthenticated PHP Deserialization

Posted Mar 27, 2024

Authored by h00die-gr3y, Jaggar Henry | Site metasploit.com

A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user.

tags | exploit, remote, web, arbitrary, php, code execution

advisories | CVE-2024-2054

SHA-256 | 769d2d7e8f18e8bd0ce142472f159825e87239bfc4426229f241a00de99425a0

Download | Favorite | View

Artica Proxy 4.50 Unauthenticated PHP Deserialization

Posted Mar 6, 2024

Authored by Jaggar Henry | Site korelogic.com

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user. Version 4.50 is affected.

tags | exploit, web, arbitrary, php, code execution

advisories | CVE-2024-2054

SHA-256 | 8e2ee354af5fde39323dcb9b78bd8d0b892172400746b1b66015b3a87cbd8630

Download | Favorite | View