Vulnerability CVE-2024-2054


Published: 2024-03-21

Description:
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Artica Proxy 4.50 Unauthenticated PHP Deserialization
Jaggar Henry
09.03.2024

Type:

CWE-502

(Deserialization of Untrusted Data)

 References:
https://korelogic.com/Resources/Advisories/KL-001-2024-002.txt
http://seclists.org/fulldisclosure/2024/Mar/12

Copyright 2024, cxsecurity.com

 

Back to Top