CVE-2020-17505

Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands...

Basic Information

CVE State: PUBLISHED
Reserved Date: August 12, 2020
Published Date: August 12, 2020
Last Updated: August 04, 2024
Vendor: n/a
Product: n/a
Description: Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.
Tags

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

9.0

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploit Status

Exploited in the Wild: Yes (2025-10-01 00:00:00 UTC) Source

References

https://blog.max0x4141.com/post/artica_proxy/ http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-10-01 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/artica_proxy_auth_bypass_service_cmds_peform_command_injection.rb	2025-04-28 15:02:05 UTC
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-17505.yaml	2025-04-25 00:00:00 UTC

Timeline

CVE ID Reserved

August 12, 2020
CVE Published to Public

August 12, 2020
Detected by Nuclei

April 25, 2025
Detected by Metasploit

April 28, 2025
Added to KEVIntel

October 01, 2025