Gps-Server Gps Tracking Software vulnerabilities
2 known vulnerabilities affecting gps-server/gps_tracking_software.
Total CVEs: 2
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 2
Vulnerabilities
CVE-2017-17097 | P2 | CRITICAL | CVSS 9.8 | PoC | v2.1.1, v2.1.2, +31 more | 2018-01-02
CVE-2017-17097 [CRITICAL] CWE-640
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use
nvd
CVE-2017-17098 | P2 | CRITICAL | CVSS 9.8 | PoC | ≤ 3.0 | 2018-01-02
CVE-2017-17098 [CRITICAL] CWE-94
The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request.
nvd