5 matches found
gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysqlrealescapestring which will add slashes behind every quote in the payload. So you have to make sure your payload doesn't...
gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities
Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysqlrealescapestring which will add slashes behind every quote in the payload. So you have to make sure your payload doesn't contain any quote. Fortunately, PHP is flexible enoug...
CVE-2017-17098
The writeLog function in fncommon.php in gps-server.net GPS Tracking Software self hosted through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request...
CVE-2017-17098
The writeLog function in fncommon.php in gps-server.net GPS Tracking Software self hosted through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request...
CVE-2017-17098
CVE-2017-17098 affects gps-server.net GPS Tracking Software (self hosted) up to version 3.0. The vulnerability is in the writeLog function in fn_common.php, where crafted input logged during admin log viewing can cause remote code execution by injecting PHP code (example: in a login request). Co...