CVE-2024-2054

CRITICAL

Artica-Proxy - Unauthenticated Remote Code Execution via PHP Deserialization

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2024-2054. PoCs published by Madan, Madan301, including Metasploit module exploits/linux/http/artica_proxy_unauth_rce_cve_2024_2054.

AI-analyzed exploit summary This exploit targets a deserialization vulnerability in Artica Proxy 4.40/4.50, allowing remote code execution via a crafted payload. It writes a PHP shell to a writable directory and executes arbitrary commands through HTTP GET requests.

Description

The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.

Exploits (3)

exploitdb WORKING POC
by Madan · pythonwebappsphp
https://www.exploit-db.com/exploits/52146

This exploit targets a deserialization vulnerability in Artica Proxy 4.40/4.50, allowing remote code execution via a crafted payload. It writes a PHP shell to a writable directory and executes arbitrary commands through HTTP GET requests.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Artica Proxy 4.40, 4.50
No auth needed
Prerequisites: Network access to the target · Artica Proxy interface exposed on port 9000 (or custom port)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by Madan301 · poc
https://github.com/Madan301/CVE-2024-2054

This repository contains a functional exploit for CVE-2024-2054, an insecure deserialization vulnerability in Artica Proxy's administrative web application. The exploit leverages a base64-encoded PHP payload to achieve remote code execution (RCE) by manipulating the `wiz.upload.php` endpoint.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Artica Proxy (version not specified)
No auth needed
Prerequisites: Network access to the Artica Proxy administrative interface · The target must be running a vulnerable version of Artica Proxy
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/artica_proxy_unauth_rce_cve_2024_2054.rb

This Metasploit module exploits an unauthenticated PHP deserialization vulnerability in Artica Proxy versions 4.40 to 4.50, allowing remote code execution as the 'www-data' user via crafted HTTP requests.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Artica Proxy 4.40, 4.50
No auth needed
Prerequisites: Network access to the target's administrative web interface (port 9000)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory third-party-advisory
https://korelogic.com/Resources/Advisories/KL-001-2024-002.txt

Scores

CVSS v3 9.8
EPSS 0.8126
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-502
Status published
Products (1)
articatech/artica_proxy 4.50.000000
Published Mar 21, 2024
Tracked Since Feb 18, 2026