Lucene search
K

5 matches found

0day.today
0day.today
added 2018/01/06 12:0 a.m.49 views

gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysqlrealescapestring which will add slashes behind every quote in the payload. So you have to make sure your payload doesn't...

7.5CVSS0.1AI score0.06946EPSS
Exploits6
Exploit DB
Exploit DB
added 2018/01/05 12:0 a.m.61 views

gps-server.net GPS Tracking Software &lt; 3.1 - Multiple Vulnerabilities

Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysqlrealescapestring which will add slashes behind every quote in the payload. So you have to make sure your payload doesn't contain any quote. Fortunately, PHP is flexible enoug...

9.8CVSS9.6AI score0.06946EPSS
Exploits6
NVD
NVD
added 2018/01/02 3:29 p.m.26 views

CVE-2017-17098

The writeLog function in fncommon.php in gps-server.net GPS Tracking Software self hosted through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request...

9.8CVSS9.3AI score0.06642EPSS
Exploits5References3
Cvelist
Cvelist
added 2018/01/02 3:0 p.m.38 views

CVE-2017-17098

The writeLog function in fncommon.php in gps-server.net GPS Tracking Software self hosted through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request...

9.4AI score0.06642EPSS
Exploits5References3
CVE
CVE
added 2018/01/02 3:0 p.m.67 views

CVE-2017-17098

CVE-2017-17098 affects gps-server.net GPS Tracking Software (self hosted) up to version 3.0. The vulnerability is in the writeLog function in fn_common.php, where crafted input logged during admin log viewing can cause remote code execution by injecting PHP code (example: in a login request). Co...

9.8CVSS9.3AI score0.06642EPSS
Exploits5References3Affected Software1
Rows per page
Query Builder