
CVE-2017-17098

Published: 02/01/2018 Updated: 18/01/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) up to and including 3.0 allows remote malicious users to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php system($_GET[cmd]); ?> in a login request.

Vulnerable Product

gps-server gps tracking software

Exploits

# Exploit Title: GPS-SERVER.NET SAAS CMS <=3.0 Multiple Vulnerabilities
# Exploit Author: Noman Riffat
# Vendor Homepage: www.gps-server.net/
# Software Link: www.gps-server.net/
# Version: <=3.0
# Tested on: Linux and Windows
# CVE : CVE-2017-17097, CVE-2017-17098
GPS-SERVER.NET SAAS CMS Version <=3.0 Suffers from multiple ...

gps-server.net GPS Tracking Software versions 3.0 and below suffer from remote code injection and password reset vulnerabilities ...