Vulnerabilities > Articatech > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-12 | CVE-2020-17506 | SQL Injection vulnerability in Articatech web Proxy 4.30.000000 Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. | 9.8 |
| 2020-06-22 | CVE-2020-13159 | OS Command Injection vulnerability in Articatech Artica Proxy 4.28.030.418/4.28.030418 Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. | 9.8 |
| 2017-12-07 | CVE-2017-17055 | OS Command Injection vulnerability in Articatech Artica Proxy Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php. | 9.0 |