Vulnerability Details CVE-2018-1000881
Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in ComputedAttributesHandler.java that can result in Remote Command Execution. This attack appear to be exploitable via Remote: web application request by a self-registered user. This vulnerability appears to have been fixed in 4.1 and later.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.08
EPSS Ranking 91.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2018-1000881
-
cpe:2.3:a:traccar:server:0.1
-
cpe:2.3:a:traccar:server:0.2
-
cpe:2.3:a:traccar:server:0.3
-
cpe:2.3:a:traccar:server:0.4
-
cpe:2.3:a:traccar:server:0.5
-
cpe:2.3:a:traccar:server:0.6
-
cpe:2.3:a:traccar:server:0.7
-
cpe:2.3:a:traccar:server:0.8
-
cpe:2.3:a:traccar:server:1.0
-
cpe:2.3:a:traccar:server:1.1
-
cpe:2.3:a:traccar:server:1.2
-
cpe:2.3:a:traccar:server:1.3
-
cpe:2.3:a:traccar:server:1.4
-
cpe:2.3:a:traccar:server:2.0
-
cpe:2.3:a:traccar:server:2.1
-
cpe:2.3:a:traccar:server:2.10
-
cpe:2.3:a:traccar:server:2.11
-
cpe:2.3:a:traccar:server:2.12
-
cpe:2.3:a:traccar:server:2.2
-
cpe:2.3:a:traccar:server:2.3
-
cpe:2.3:a:traccar:server:2.4
-
cpe:2.3:a:traccar:server:2.5
-
cpe:2.3:a:traccar:server:2.6
-
cpe:2.3:a:traccar:server:2.7
-
cpe:2.3:a:traccar:server:2.8
-
cpe:2.3:a:traccar:server:2.9
-
cpe:2.3:a:traccar:server:3.0
-
cpe:2.3:a:traccar:server:3.1
-
cpe:2.3:a:traccar:server:3.10
-
cpe:2.3:a:traccar:server:3.11
-
cpe:2.3:a:traccar:server:3.12
-
cpe:2.3:a:traccar:server:3.13
-
cpe:2.3:a:traccar:server:3.14
-
cpe:2.3:a:traccar:server:3.15
-
cpe:2.3:a:traccar:server:3.16
-
cpe:2.3:a:traccar:server:3.17
-
cpe:2.3:a:traccar:server:3.2
-
cpe:2.3:a:traccar:server:3.3
-
cpe:2.3:a:traccar:server:3.4
-
cpe:2.3:a:traccar:server:3.5
-
cpe:2.3:a:traccar:server:3.6
-
cpe:2.3:a:traccar:server:3.7
-
cpe:2.3:a:traccar:server:3.8
-
cpe:2.3:a:traccar:server:3.9
-
cpe:2.3:a:traccar:server:4.0