Full title: Artica Proxy Unauthenticated PHP Deserialization Exploit 
Category: web applications
Platform: php
A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user.

# 0day.today @ http://0day.today/