CVE-2017-17055

CRITICAL

Artica Web Proxy <3.06.112911 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-17055. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit leverages a reflected XSS vulnerability in Artica Web Proxy's 'freeradius.users.php' to execute arbitrary JavaScript, which then abuses the 'system.terminal.php' endpoint to achieve remote code execution as root.

Description

Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php.

Exploits (1)

exploitdb WORKING POC
by hyp3rlinx · textwebappsphp
https://www.exploit-db.com/exploits/43206

This exploit leverages a reflected XSS vulnerability in Artica Web Proxy's 'freeradius.users.php' to execute arbitrary JavaScript, which then abuses the 'system.terminal.php' endpoint to achieve remote code execution as root.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Artica Web Proxy v3.06.112216
Auth required
Prerequisites: Authenticated access to the Artica Web Proxy interface · Victim interaction (clicking a malicious link or visiting a crafted webpage)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Dec/3
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43206/

Scores

CVSS v3 9.0
EPSS 0.0871
EPSS Percentile 94.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
articatech/artica_proxy < 3.06.112911
Published Dec 07, 2017
Tracked Since Feb 18, 2026