PT-2022-11472 · Unknown · Artica Proxy

Published 2022-05-05 · Updated 2026-01-22 · CVE-2021-41739

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Artica Proxy version 4.30.000000

Description

An OS command injection issue was discovered in cyrus.events.php, allowing attackers to execute OS commands using the GET parameter logs and the POST parameter rp.

Recommendations

For Artica Proxy version 4.30.000000, as a temporary workaround, consider restricting access to cyrus.events.php to minimize the risk of exploitation. Avoid using the logs and rp parameters in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.
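To check whether the restriction on cyrus.events.php is holding, the web access log can be triaged for requests to that endpoint. The following is an added example, not part of the advisory or of Artica's code; it assumes the access log is in the common "combined" format and a hypothetical management network of 10.0.5.0/24, and the sample log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# Assumption: hypothetical management network allowed to reach the console.
ADMIN_NETS = [ipaddress.ip_network("10.0.5.0/24")]
# Constructed sample lines (documentation addresses, benign values).
SAMPLE = [
    '10.0.5.20 - - [05/May/2022:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "-"',
    '10.0.5.20 - admin [05/May/2022:10:00:07 +0000] "GET /cyrus.events.php HTTP/1.1" 200 2048 "-" "-"',
    '203.0.113.7 - - [05/May/2022:10:02:13 +0000] "GET /cyrus.events.php?logs=mail.log HTTP/1.1" 200 431 "-" "-"',
    '203.0.113.7 - - [05/May/2022:10:02:15 +0000] "POST /cyrus.events.php HTTP/1.1" 200 97 "-" "-"',
]

def triage(lines, admin_nets=ADMIN_NETS):
    """Return one finding per request to cyrus.events.php that needs review."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        url = urlsplit(m["target"])
        if url.path.rsplit("/", 1)[-1].lower() != "cyrus.events.php":
            continue
        reasons = []
        if "logs" in parse_qs(url.query, keep_blank_values=True):
            reasons.append("GET parameter 'logs' present")
        if m["method"] == "POST":
            reasons.append("POST request; the 'rp' body field is not in access logs")
        try:
            src = ipaddress.ip_address(m["ip"])
            trusted = any(src in net for net in admin_nets)
        except ValueError:
            trusted = False  # hostname or malformed address: treat as untrusted
        if not trusted:
            reasons.append("source outside admin networks")
        if reasons:
            findings.append({"ip": m["ip"], "method": m["method"],
                             "status": int(m["status"]), "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["ip"], f["method"], f["status"], "; ".join(f["reasons"]))
```

A 200 status on a flagged request from outside the management network means the access restriction is not in effect for that path. Because the access log does not record POST bodies, any POST to the endpoint is flagged for follow-up.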

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2021-41739

Affected Products

Artica Proxy