exploitDog

CVE-2018-1000881

Опубликовано: 20 дек. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in ComputedAttributesHandler.java that can result in Remote Command Execution. This attack appear to be exploitable via Remote: web application request by a self-registered user. This vulnerability appears to have been fixed in 4.1 and later.

Ссылки

https://appcheck-ng.com/advisory-remote-code-execution-traccar-server/
Exploit
Third Party Advisory
https://appcheck-ng.com/advisory-remote-code-execution-traccar-server/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:traccar:server:*:*:*:*:*:*:*:*

Версия до 4.0 (включая)

EPSS

Процентиль: 92%

0.08043

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-v228-g7xp-x783

CVSS3: 9.8

github

больше 3 лет назад

Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in ComputedAttributesHandler.java that can result in Remote Command Execution. This attack appear to be exploitable via Remote: web application request by a self-registered user. This vulnerability appears to have been fixed in 4.1 and later.

EPSS

Процентиль: 92%

0.08043

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94