CVE-2024-2053

CVE-2024-2053 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including b-L-x. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional Python exploit for CVE-2024-2053, targeting Artica Proxy's LFI vulnerability to achieve RCE via log poisoning. The exploit includes methods for testing LFI, injecting PHP payloads into logs, and writing a webshell.

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user.