CVE-2020-17506

critical

Description

Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.

References

https://blog.max0x4141.com/post/artica_proxy/

http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html

http://packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.html

Details

Source: Mitre, NVD

Published: 2020-08-12

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.93967

Detections

Analytics