CVE-2024-2053 Vulnerability Details


CVE-2024-2053 Metadata Quick Info

CVE Published: 05/03/2024 | CVE Updated: 06/08/2024 | CVE Year: 2024
Source: AHA | Vendor: Artica Tech | Product: Artica Proxy
Status: PUBLISHED

CVE-2024-2053 Description

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the

The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-23
CWE Name: CWE-23 Relative Path Traversal
Source: Artica Tech

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).