Unrated severityNVD Advisory· Published Mar 5, 2024· Updated Feb 13, 2025
Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
CVE-2024-2053
Description
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: =4.50
- Artica Tech/Artica Proxyv5Range: 4.50
Patches
Vulnerability mechanics
References
2- korelogic.com/Resources/Advisories/KL-001-2024-001.txtmitrethird-party-advisory
- seclists.org/fulldisclosure/2024/Mar/11mitre
News mentions
0No linked articles in our index yet.