Articatech: >> Artica Proxy Security Vulnerabilities
Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818.
CVSS Score
9.8
EPSS Score
0.176
Published
2020-06-22
Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field.
CVSS Score
7.2
EPSS Score
0.076
Published
2020-03-22
Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field.
CVSS Score
7.2
EPSS Score
0.027
Published
2019-02-01
Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php.
CVSS Score
9.0
EPSS Score
0.046
Published
2017-12-07
Page 2