Security researchers have found a vulnerability in Artica Proxy version 4.30.000000 involving authentication bypass and command injection.
Artica Proxy is a system that provides a sexy Web Ajax console for managing a full proxy server without any technical skill and with the latest Squid technology.
It provides URL filtering with the French Toulouse University and Artica databases – over 30.000.000 websites.
It offers many statistics per user, category or website, and features for managing Internet bandwidth.
It provides firewall/QoS features. It can work in transparent mode or connected to an Active Directory/OpenLDAP members database.
This Metasploit module exploits an authenticated command injection vulnerability in Artica Proxy. Combined with an authentication bypass discovered in the same version, it is possible to trigger the vulnerability without knowing the credentials.
The application runs in a virtual appliance and successful exploitation of this vulnerability yields remote code execution as root on the remote system.
There is no update available to fix this issue.