CVE-2020-13159

CRITICAL

Artica Proxy <4.30.000000 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-13159. PoCs published by InfoSec4Fun.

AI-analyzed exploit summary This repository contains a writeup describing CVE-2020-13159, an OS command injection vulnerability in Artica Proxy before version 4.30.000000 Community Edition. The vulnerability allows remote attackers to execute arbitrary commands via multiple parameters in the web interface.

Description

Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818.

Exploits (1)

nomisec WRITEUP

by InfoSec4Fun · poc

https://github.com/InfoSec4Fun/CVE-2020-13159

View Code ZIP pw:eip

This repository contains a writeup describing CVE-2020-13159, an OS command injection vulnerability in Artica Proxy before version 4.30.000000 Community Edition. The vulnerability allows remote attackers to execute arbitrary commands via multiple parameters in the web interface.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Artica Proxy Community Edition before 4.30.000000

Auth required

Prerequisites: Access to the Artica Proxy web interface · Valid credentials if authentication is required

MITRE ATT&CK

T1202 - Indirect Command Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Product, Third Party Advisory x_refsource_misc

https://sourceforge.net/projects/artica-squid/files/

Exploit, Third Party Advisory x_refsource_misc

https://github.com/InfoSec4Fun/CVE-2020-13159

Scores

CVSS v3 9.8

EPSS 0.0932

EPSS Percentile 94.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

articatech/artica_proxy < 4.30.000000

Published Jun 22, 2020

Tracked Since Feb 18, 2026