2 results (0.007 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. La función "Rich Filemanager" de Artica Proxy proporciona una interfaz basada en web para capacidades de administración de archivos. Cuando la función está habilitada, no requiere autenticación de forma predeterminada y se ejecuta como usuario raíz. The Rich Filemanager feature of Artica Proxy versions 4.40 and 4.50 provides a web-based interface for file management capabilities. • http://seclists.org/fulldisclosure/2024/Mar/13 https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-552: Files or Directories Accessible to External Parties •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user. La aplicación web administrativa Artica Proxy deserializará objetos PHP arbitrarios proporcionados por usuarios no autenticados y posteriormente permitirá la ejecución de código como usuario "www-data". Este problema se demostró en la versión 4.50 de La aplicación web administrativa Artica-Proxy intenta evitar la inclusión de archivos locales. • http://seclists.org/fulldisclosure/2024/Mar/11 https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt • CWE-23: Relative Path Traversal •