CVE-2020-17506

CRITICAL EXPLOITED NUCLEI

Artica Web Proxy 4.30.00000000 - SQL Injection

Title source: llm

Description

Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.

Exploits (2)

exploitdb WORKING POC

by Dan Duffy · pythonwebappshardware

https://www.exploit-db.com/exploits/48744

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Max0x4141 · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/artica_proxy_auth_bypass_service_cmds_peform_command_injection.rb

View Code ZIP pw:eip

Nuclei Templates (1)

Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection

CRITICALby dwisiswant0

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.html

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html

[Exploit, Third Party Advisory] https://blog.max0x4141.com/post/artica_proxy/

Scores

CVSS v3 9.8

EPSS 0.9197

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-12-01

CWE

CWE-89

Status published

Products (1)

articatech/web_proxy 4.30.000000

Published Aug 12, 2020

Tracked Since Feb 18, 2026