CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15052
https://notcve.org/view.php?id=CVE-2020-15052
An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields. Se detectó un problema en Artica Proxy CE versiones anteriores al 4.28.030.418. Una inyección SQL se presenta por medio de los campos Netmask, Hostname, y Alias • https://github.com/pratikshad19/CVE-2020-15052 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15051
https://notcve.org/view.php?id=CVE-2020-15051
An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields. Se detectó un problema en Artica Proxy versiones anteriores a 4.30.000000. Se presenta una vulnerabilidad de tipo XSS almacenado por medio de los campos Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description • https://github.com/pratikshad19/CVE-2020-15051 http://artica-proxy.com/telechargements • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 96%CPEs: 1EXPL: 1CVE-2020-13158
https://notcve.org/view.php?id=CVE-2020-13158
Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. Artica Proxy versiones anteriores a 4.30.000000, Community Edition permite un salto de directorio por medio del parámetro popup del archivo fw.progrss.details.php • https://github.com/InfoSec4Fun/CVE-2020-13158 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 1CVE-2020-13159
https://notcve.org/view.php?id=CVE-2020-13159
Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818. Artica Proxy versiones anteriores a 4.30.000000, Community Edition permite una inyección de comandos del Sistema Operativo por medio del campo Netbios name, Server domain name, dhclient_mac, Hostname, o Alias. NOTA: esto puede solaparse con CVE-2020-10818 • https://github.com/InfoSec4Fun/CVE-2020-13159 https://sourceforge.net/projects/artica-squid/files • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2020-10818
https://notcve.org/view.php?id=CVE-2020-10818
Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field. Artica Proxy versión 4.26, permite una ejecución de comandos remota para un usuario autenticado por medio de metacaracteres de shell en el campo "Modify the hostname". • https://code610.blogspot.com/2020/03/rce-in-artica-426.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •