Artica is prone to multiple security vulnerabilities including directory- traversal vulnerabilities, security-bypass vulnerabilities, an SQL- injection issue, and an unspecified cross-site scripting issue. Successfully exploiting the directory-traversal issues allows attackers to view arbitrary local files and directories within the context of the webserver. Attackers can exploit the SQL-injection issue to carry out unauthorized actions on the underlying database. Successfully exploiting the security-bypass issues allows remote attackers to bypass certain security restrictions and perform unauthorized actions. Attackers can exploit the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie- based authentication credentials or launch other attacks. Artica 1.4.090119 is vulnerable other versions may also be affected.

The vendor released a patch. Please see the references for more information.

• http://www.artica.fr/
• http://www.artica.fr/index.php/get-a-download-artica/nightly-builds
• https://www.securityfocus.com/bid/43613

---

Updated on 2015-03-25