Traccar 2.8

CPE Details

Traccar 2.8
traccar
traccar
2.8
2020-07-15
13h57 +00:00
2020-07-15
13h57 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:traccar:traccar:2.8:*:*:*:*:*:*:*

Informations

Vendor

traccar

Product

traccar

Version

2.8

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-50729 2024-01-15 15h57 +00:00 Traccar is an open source GPS tracking system. Prior to 5.11, Traccar is affected by an unrestricted file upload vulnerability in File feature allows attackers to execute arbitrary code on the server. This vulnerability is more prevalent because Traccar is recommended to run web servers as root user. It is also more dangerous because it can write or overwrite files in arbitrary locations. Version 5.11 was published to fix this vulnerability.
9.8
Critical
CVE-2021-21292 2021-02-02 18h35 +00:00 Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access to the filesystem on the host machine. If Java path includes a space, then attacker can lift their privilege to the same as Traccar service (system). This is fixed in version 4.12.
6.3
Medium
CVE-2020-5246 2020-07-14 18h42 +00:00 Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. It occurs when user input is being used in LDAP search filter. By providing specially crafted input, an attacker can modify the logic of the LDAP query and get admin privileges. The issue only impacts instances with LDAP configuration and where users can craft their own names. This has been patched in version 4.9.
7.7
High