exploitDog

CVE-2020-17505

Опубликовано: 12 авг. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Критический

Описание

Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.

Ссылки

http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://blog.max0x4141.com/post/artica_proxy/
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://blog.max0x4141.com/post/artica_proxy/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:articatech:web_proxy:4.30.000000:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.90192

Критический

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-m3f9-9cw6-5ccj

CVSS3: 8.8

github

больше 3 лет назад

Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.

EPSS

Процентиль: 100%

0.90192

Критический

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78