CVE-2020-17506

Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:articatech:web_proxy:4.30.000000:*:*:*:*:*:*:*

History

21 Nov 2024, 05:08

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.html - Exploit, Third Party Advisory, VDB Entry
References () http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html - Exploit, Third Party Advisory, VDB Entry
References () https://blog.max0x4141.com/post/artica_proxy/ - Exploit, Third Party Advisory () https://blog.max0x4141.com/post/artica_proxy/ - Exploit, Third Party Advisory

21 Nov 2022, 20:31

Type Values Removed Values Added
References (MISC) http://packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.html - Third Party Advisory (MISC) http://packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.html - Exploit, Third Party Advisory, VDB Entry
References (MISC) http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html - (MISC) http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2020-08-12 17:15

Updated : 2024-11-21 05:08


NVD link : CVE-2020-17506

Mitre link : CVE-2020-17506

CVE.ORG link : CVE-2020-17506


JSON object : View

Products Affected

articatech

  • web_proxy
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')