CVE-2020-17506

CRITICAL EXPLOITED NUCLEI

Artica Web Proxy 4.30.00000000 - SQL Injection

Title source: llm

Exploitation Summary

CVE-2020-17506 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Dan Duffy, Max0x4141, including a Metasploit module exploits/linux/http/artica_proxy_auth_bypass_service_cmds_peform_command_injection. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit bypasses authentication in Artica Proxy 4.3.0 via SQL injection and executes arbitrary commands through a command injection vulnerability. It uses a crafted payload to bypass login and then sends commands via a vulnerable endpoint.

Description

Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.

Exploits (2)

exploitdb WORKING POC

by Dan Duffy · pythonwebappshardware

https://www.exploit-db.com/exploits/48744

View Code ZIP pw:eip

This exploit bypasses authentication in Artica Proxy 4.3.0 via SQL injection and executes arbitrary commands through a command injection vulnerability. It uses a crafted payload to bypass login and then sends commands via a vulnerable endpoint.

Classification

Working Poc 95%

Attack Type

Auth Bypass | Rce

Complexity

Moderate

Reliability

Reliable

Target: Artica Proxy 4.30.00000000

No auth needed

Prerequisites: Network access to the target · Target running Artica Proxy 4.3.0

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1202 - Indirect Command Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Max0x4141 · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/artica_proxy_auth_bypass_service_cmds_peform_command_injection.rb

View Code ZIP pw:eip

This Metasploit module exploits an authenticated command injection vulnerability (CVE-2020-17505) in Artica Proxy 4.30.000000, combined with an authentication bypass (CVE-2020-17506) via SQL injection, to achieve remote code execution as root.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Artica Proxy 4.30.000000

No auth needed

Prerequisites: Network access to the target · Target running Artica Proxy 4.30.000000

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1202 - Indirect Command Execution T1110 - Brute Force

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection

CRITICALby dwisiswant0

References (3)

Core 3

Core References

Exploit, Third Party Advisory x_refsource_misc

https://blog.max0x4141.com/post/artica_proxy/

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.html

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html

Scores

CVSS v3 9.8

EPSS 0.9397

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-12-01

CWE

CWE-89

Status published

Products (1)

articatech/web_proxy 4.30.000000

Published Aug 12, 2020

Tracked Since Feb 18, 2026