CVE-2024-2054

CVE-2024-2054: Artica Proxy Unauthenticated PHP Deserialization Vulnerability

Vendor Artica Tech
Product Artica Proxy
Weakness CWE-502 · Unsafe deserialization
Published March 5, 2024
Last update February 13, 2025

CVSS base score

What the vulnerability does

01Description

The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.

Key dates

02Disclosure timeline

March 5, 2024 CVE published
February 13, 2025 Record updated