CVE-2024-2053: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
First published: Tue Mar 05 2024(Updated: )
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user.
Credit: cve@takeonme.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artica Proxy |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-2053?
CVE-2024-2053 has a high severity rating due to the potential for remote code execution by unauthenticated users.
How do I fix CVE-2024-2053?
To fix CVE-2024-2053, update the Artica Proxy administrative web application to the latest version available that addresses this vulnerability.
What type of vulnerability is CVE-2024-2053?
CVE-2024-2053 is a deserialization vulnerability that allows for arbitrary PHP object manipulation.
Who is affected by CVE-2024-2053?
CVE-2024-2053 affects users of the Artica Proxy administrative web application, specifically version 4.50.
What can an attacker achieve with CVE-2024-2053?
An attacker exploiting CVE-2024-2053 can execute arbitrary code on the server with the privileges of the "www-data" user.
- agent/weakness
- agent/title
- agent/type
- agent/first-publish-date
- agent/references
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/event
- agent/source
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/description
- agent/tags
- agent/guess-ai
- vendor/artica