CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-17098

The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php system($_GET[cmd]); ?> in a login request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.312

EPSS Ranking 96.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2017-17098

Gps-Server » Gps Tracking Software » Version: 2.1.1

cpe:2.3:a:gps-server:gps_tracking_software:2.1.1
Gps-Server » Gps Tracking Software » Version: 2.1.2

cpe:2.3:a:gps-server:gps_tracking_software:2.1.2
Gps-Server » Gps Tracking Software » Version: 2.1.3

cpe:2.3:a:gps-server:gps_tracking_software:2.1.3
Gps-Server » Gps Tracking Software » Version: 2.1.4

cpe:2.3:a:gps-server:gps_tracking_software:2.1.4
Gps-Server » Gps Tracking Software » Version: 2.1.5

cpe:2.3:a:gps-server:gps_tracking_software:2.1.5
Gps-Server » Gps Tracking Software » Version: 2.1.6

cpe:2.3:a:gps-server:gps_tracking_software:2.1.6
Gps-Server » Gps Tracking Software » Version: 2.1.7

cpe:2.3:a:gps-server:gps_tracking_software:2.1.7
Gps-Server » Gps Tracking Software » Version: 2.1.8

cpe:2.3:a:gps-server:gps_tracking_software:2.1.8
Gps-Server » Gps Tracking Software » Version: 2.1.9

cpe:2.3:a:gps-server:gps_tracking_software:2.1.9
Gps-Server » Gps Tracking Software » Version: 2.2

cpe:2.3:a:gps-server:gps_tracking_software:2.2
Gps-Server » Gps Tracking Software » Version: 2.2.1

cpe:2.3:a:gps-server:gps_tracking_software:2.2.1
Gps-Server » Gps Tracking Software » Version: 2.2.2

cpe:2.3:a:gps-server:gps_tracking_software:2.2.2
Gps-Server » Gps Tracking Software » Version: 2.2.5

cpe:2.3:a:gps-server:gps_tracking_software:2.2.5
Gps-Server » Gps Tracking Software » Version: 2.2.7

cpe:2.3:a:gps-server:gps_tracking_software:2.2.7
Gps-Server » Gps Tracking Software » Version: 2.3

cpe:2.3:a:gps-server:gps_tracking_software:2.3
Gps-Server » Gps Tracking Software » Version: 2.3.2

cpe:2.3:a:gps-server:gps_tracking_software:2.3.2
Gps-Server » Gps Tracking Software » Version: 2.3.5

cpe:2.3:a:gps-server:gps_tracking_software:2.3.5
Gps-Server » Gps Tracking Software » Version: 2.4

cpe:2.3:a:gps-server:gps_tracking_software:2.4
Gps-Server » Gps Tracking Software » Version: 2.4.5

cpe:2.3:a:gps-server:gps_tracking_software:2.4.5
Gps-Server » Gps Tracking Software » Version: 2.5

cpe:2.3:a:gps-server:gps_tracking_software:2.5
Gps-Server » Gps Tracking Software » Version: 2.5.5

cpe:2.3:a:gps-server:gps_tracking_software:2.5.5
Gps-Server » Gps Tracking Software » Version: 2.5.7

cpe:2.3:a:gps-server:gps_tracking_software:2.5.7
Gps-Server » Gps Tracking Software » Version: 2.5.8

cpe:2.3:a:gps-server:gps_tracking_software:2.5.8
Gps-Server » Gps Tracking Software » Version: 2.5.9

cpe:2.3:a:gps-server:gps_tracking_software:2.5.9
Gps-Server » Gps Tracking Software » Version: 2.6

cpe:2.3:a:gps-server:gps_tracking_software:2.6
Gps-Server » Gps Tracking Software » Version: 2.7

cpe:2.3:a:gps-server:gps_tracking_software:2.7
Gps-Server » Gps Tracking Software » Version: 2.8

cpe:2.3:a:gps-server:gps_tracking_software:2.8
Gps-Server » Gps Tracking Software » Version: 2.8.5

cpe:2.3:a:gps-server:gps_tracking_software:2.8.5
Gps-Server » Gps Tracking Software » Version: 2.9

cpe:2.3:a:gps-server:gps_tracking_software:2.9
Gps-Server » Gps Tracking Software » Version: 2.9.1

cpe:2.3:a:gps-server:gps_tracking_software:2.9.1
Gps-Server » Gps Tracking Software » Version: 2.9.2

cpe:2.3:a:gps-server:gps_tracking_software:2.9.2
Gps-Server » Gps Tracking Software » Version: 2.9.5

cpe:2.3:a:gps-server:gps_tracking_software:2.9.5
Gps-Server » Gps Tracking Software » Version: 2.9.6

cpe:2.3:a:gps-server:gps_tracking_software:2.9.6
Gps-Server » Gps Tracking Software » Version: 3.0

cpe:2.3:a:gps-server:gps_tracking_software:3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-17098

Products

Pricing

Contact Us