CVE-2024-2054

Artica Proxy Unauthenticated PHP Deserialization Vulnerability

CVSS 9.8 CRITICALEPSS 81.3%CWE-502

The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Artica Tech · Artica Proxy

public PoCs found — 2

githubgithub.com/Madan301/CVE-2024-2054★ 0 exploitdbwww.exploit-db.com/exploits/52146unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://seclists.org/fulldisclosure/2024/Mar/12 https://korelogic.com/Resources/Advisories/KL-001-2024-002.txt