Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
traccar vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-50729
Traccar is an open source GPS tracking system. before 5.11, Traccar is affected by an unrestricted file upload vulnerability in File feature allows malicious users to execute arbitrary code on the server. This vulnerability is more prevalent because Traccar is recommended to run ...
Traccar Traccar
356
VMScore
CVE-2020-5246
Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. It occurs when user input is being used in LDAP search filter. By providing specially crafted input, an attacker can modify the logic of the LDAP query and get admin privileges. The issue only impa...
Traccar Traccar
169
VMScore
CVE-2021-21292
Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access to the filesystem on the host machine. If Java path includes a space, then attacke...
Traccar Traccar
668
VMScore
CVE-2018-1000881
Traccar Traccar Server version 4.0 and previous versions contains a CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in ComputedAttributesHandler.java that can result in Remote Command Execution. This attack appear to be exploitable via Re...
Traccar Server
668
VMScore
CVE-2019-5748
In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks.
Traccar Server 4.2
NA
CVE-2024-31214
Traccar is an open source GPS tracking system. Traccar versions 5.1 up to and including 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, ful...
NA
CVE-2024-24809
Traccar is an open source GPS tracking system. Versions before 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and ...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started