What is CVE-2020-17506?

CVE-2020-17506 is a vulnerability in N/a. Published 2020-08-12.

Is CVE-2020-17506 known to be exploited?

13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-17506

Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.

EPSS: 0.920 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
Elsfa7-110/kenzer-templates
Live-Hack-CVE/CVE-2020-17506
d4n-sec/d4n-sec.github.io
hangmansROP/proof-of-concepts
l0928h/kate

References

blog.max0x4141.com/post/artica_proxy/ (x_refsource_MISC)
packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.h… (x_refsource_MISC)
packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-By… (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-17506?: CVE-2020-17506 is a vulnerability in N/a. Published 2020-08-12.
Is CVE-2020-17506 known to be exploited?: 13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.