跳转到帖子

Artica Proxy Unauthenticated PHP Deserialization Vulnerability

recommended_posts

发布于
  • Members

Artica Proxy Unauthenticated PHP Deserialization Vulnerability

Disclosed
03/05/2024
Created
03/26/2024

Description

A Command Injection vulnerability in Artica Proxy appliance version 4.50 and 4.40 allows remote attackers to run arbitrary commands via unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.

Author(s)

Platform

Linux,PHP,Unix

Architectures

php, cmd, x64, x86

Development

  • Source Code
  • History
  • 查看数 704
  • 已创建
  • 最后回复

参与讨论

你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。
注意:你的帖子需要版主批准后才能看到。

游客
回帖…