CVE-2020-17505

HIGH EXPLOITED NUCLEI

Artica proxy 4.30.000000 Auth Bypass service-cmds-peform Command Injection

Title source: metasploit

Exploitation Summary

CVE-2020-17505 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Max0x4141, including a Metasploit module exploits/linux/http/artica_proxy_auth_bypass_service_cmds_peform_command_injection. A Nuclei detection template is also available.

AI-analyzed exploit summary This Metasploit module exploits an authenticated command injection vulnerability (CVE-2020-17505) in Artica Proxy 4.30.000000, combined with an authentication bypass (CVE-2020-17506), to achieve remote code execution as root. It leverages SQL injection to bypass authentication and then injects commands via the 'service-cmds-peform' parameter.

Description

Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Max0x4141 · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/artica_proxy_auth_bypass_service_cmds_peform_command_injection.rb

View Code ZIP pw:eip

This Metasploit module exploits an authenticated command injection vulnerability (CVE-2020-17505) in Artica Proxy 4.30.000000, combined with an authentication bypass (CVE-2020-17506), to achieve remote code execution as root. It leverages SQL injection to bypass authentication and then injects commands via the 'service-cmds-peform' parameter.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Artica Proxy 4.30.000000

No auth needed

Prerequisites: Network access to the target · Target running Artica Proxy 4.30.000000

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 22, 2026 Full analysis →

Nuclei Templates (1)

Artica Web Proxy 4.30 - OS Command Injection

HIGHby dwisiswant0

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://blog.max0x4141.com/post/artica_proxy/

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html

Scores

CVSS v3 8.8

EPSS 0.8964

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-01-22

CWE

CWE-78

Status published

Products (1)

articatech/web_proxy 4.30.000000

Published Aug 12, 2020

Tracked Since Feb 18, 2026