Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
traccar vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-50729
Traccar is an open source GPS tracking system. before 5.11, Traccar is affected by an unrestricted file upload vulnerability in File feature allows malicious users to execute arbitrary code on the server. This vulnerability is more prevalent because Traccar is recommended to run ...
Traccar Traccar
6.5
CVSSv3
CVE-2020-5246
Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. It occurs when user input is being used in LDAP search filter. By providing specially crafted input, an attacker can modify the logic of the LDAP query and get admin privileges. The issue only impa...
Traccar Traccar
6.3
CVSSv3
CVE-2021-21292
Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access to the filesystem on the host machine. If Java path includes a space, then attacke...
Traccar Traccar
9.8
CVSSv3
CVE-2018-1000881
Traccar Traccar Server version 4.0 and previous versions contains a CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in ComputedAttributesHandler.java that can result in Remote Command Execution. This attack appear to be exploitable via Re...
Traccar Server
9.8
CVSSv3
CVE-2019-5748
In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks.
Traccar Server 4.2
NA
CVE-2024-31214
Traccar is an open source GPS tracking system. Traccar versions 5.1 up to and including 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, ful...
NA
CVE-2024-24809
Traccar is an open source GPS tracking system. Versions before 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and ...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started