CVE-2020-13159

CRITICAL

Artica Proxy <4.30.000000 - Command Injection

Title source: llm

Description

Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818.

Exploits (1)

nomisec WRITEUP

by InfoSec4Fun · poc

https://github.com/InfoSec4Fun/CVE-2020-13159

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://github.com/InfoSec4Fun/CVE-2020-13159

[Product, Third Party Advisory] https://sourceforge.net/projects/artica-squid/files/

Scores

CVSS v3 9.8

EPSS 0.1765

EPSS Percentile 95.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

articatech/artica_proxy < 4.30.000000

Published Jun 22, 2020

Tracked Since Feb 18, 2026