CVE-2024-2053

CVE-2024-2053: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability

Vendor Artica Tech

Product Artica Proxy

Weakness CWE-23

Published March 5, 2024

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user.

Key dates

02Disclosure timeline

March 5, 2024 CVE published

February 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-2053

Related vulnerabilities

Identifiers

CVE CVE-2024-2053

CWE CWE-23

Affected versions

Vendor Artica Tech

Product Artica Proxy

Affected 4.50

Vendor Artica Tech

Product Artica Proxy

Affected 4.40

CVE-2024-2053: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE