Summary
Artica is prone to multiple security vulnerabilities including directory- traversal vulnerabilities, security-bypass vulnerabilities, an SQL- injection issue, and an unspecified cross-site scripting issue.
Successfully exploiting the directory-traversal issues allows attackers to view arbitrary local files and directories within the context of the webserver.
Attackers can exploit the SQL-injection issue to carry out unauthorized actions on the underlying database.
Successfully exploiting the security-bypass issues allows remote attackers to bypass certain security restrictions and perform unauthorized actions.
Attackers can exploit the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie- based authentication credentials or launch other attacks.
Artica 1.4.090119 is vulnerable
other versions may also be affected.
Solution
The vendor released a patch. Please see the references for more information.
References