Summary
Artica is prone to multiple security vulnerabilities including directory- traversal vulnerabilities, security-bypass vulnerabilities, an SQL- injection issue, and an unspecified cross-site scripting issue.
Successfully exploiting the directory-traversal issues allows attackers to view arbitrary local files and directories within the context of the webserver.
Attackers can exploit the SQL-injection issue to carry out unauthorized actions on the underlying database.
Successfully exploiting the security-bypass issues allows remote attackers to bypass certain security restrictions and perform unauthorized actions.
Attackers can exploit the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie- based authentication credentials or launch other attacks.
Artica 1.4.090119 is vulnerable
other versions may also be affected.
Solution
The vendor released a patch. Please see the references for more information.
References
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
- Apache Tomcat NIO Connector Denial of Service Vulnerability
- Apache Tomcat Login Constraints Security Bypass Vulnerability
- Admidio get_file.php Remote File Disclosure Vulnerability