4 matches found
gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysqlrealescapestring which will add slashes behind every quote in the payload. So you have to make sure your payload doesn't...
gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities
Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysqlrealescapestring which will add slashes behind every quote in the payload. So you have to make sure your payload doesn't contain any quote. Fortunately, PHP is flexible enoug...
CVE-2017-17097
CVE-2017-17097 affects gps-server.net GPS Tracking Software (self hosted). Connected documents confirm a password reset vulnerability in 2.x that allows unauthenticated password resets and sending a predictable, date-based password, enabling remote access. Additional details describe a broader se...
CVE-2017-17097
gps-server.net GPS Tracking Software self hosted 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable date-based password to the admin, which makes it easier for remote attackers to obtain access by predicti...