Vulnerability Details CVE-2020-17505
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.902
EPSS Ranking 99.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html
- https://blog.max0x4141.com/post/artica_proxy/
- http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html
- https://blog.max0x4141.com/post/artica_proxy/
Products affected by CVE-2020-17505
-
cpe:2.3:a:articatech:web_proxy:4.30.000000