CVE-2020-17506

Name of the Vulnerable Software and Affected Versions: Artica Web Proxy version 4.30.00000000

Description: The issue is related to a lack of protection against SQL structure manipulation in the fw.login.php component. This can be exploited by a remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter. The exploitation may allow an attacker to execute arbitrary code with root privileges.

Recommendations: For Artica Web Proxy version 4.30.00000000, consider disabling the fw.login.php component or restricting access to it until a patch is available. Avoid using the apikey parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.