PT-2024-18677 · Unknown · Artica Proxy

Jaggar Henry · Published 2024-03-05 · Updated 2025-08-19 · CVE-2024-2053

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

The Artica Proxy administrative web application version 4.50

Description

The Artica Proxy administrative web application deserializes arbitrary PHP objects supplied by unauthenticated users, enabling code execution as the "www-data" user. The application attempts to prevent local file inclusion, but these protections can be bypassed, allowing arbitrary file requests supplied by unauthenticated users to be returned according to the privileges of the "www-data" user.

Recommendations

For version 4.50, consider disabling the deserialization of PHP objects until a patch is available. Restrict access to the administrative web application to minimize the risk of exploitation. Avoid using the application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Relative Path Traversal

Weakness Enumeration

Related Identifiers

CVE-2024-2053

Affected Products

Artica Proxy