Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Traccar Security Vulnerabilities

cve
cve

CVE-2018-1000881

Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in ComputedAttributesHandler.java that can result in Remote Command Execution. This attack appear to be exploitable via Remote: web application request by a self...

9.8CVSS

9.6AI Score

0.002EPSS

2018-12-20 05:29 PM
25
cve
cve

CVE-2019-5748

In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks.

9.8CVSS

9.4AI Score

0.002EPSS

2019-01-09 05:29 PM
22
cve
cve

CVE-2020-5246

Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. It occurs when user input is being used in LDAP search filter. By providing specially crafted input, an attacker can modify the logic of the LDAP query and get admin privileges. The issue only impacts instances with ...

7.7CVSS

6.6AI Score

0.0005EPSS

2020-07-14 09:15 PM
26
cve
cve

CVE-2021-21292

Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access to the filesystem on the host machine. If Java path includes a space, then attacker can lift their pr...

6.3CVSS

6.2AI Score

0.001EPSS

2021-02-02 08:15 PM
27
4
cve
cve

CVE-2023-50729

Traccar is an open source GPS tracking system. Prior to 5.11, Traccar is affected by an unrestricted file upload vulnerability in File feature allows attackers to execute arbitrary code on the server. This vulnerability is more prevalent because Traccar is recommended to run web servers as root use...

9.8CVSS

9.7AI Score

0.001EPSS

2024-01-15 04:15 PM
21
cve
cve

CVE-2024-24809

Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this vuln...

8.5CVSS

6.9AI Score

0.001EPSS

2024-04-10 03:16 PM
34
cve
cve

CVE-2024-31214

Traccar is an open source GPS tracking system. Traccar versions 5.1 through 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, full control over the file extensi...

9.6CVSS

9.3AI Score

0.0004EPSS

2024-04-10 06:15 PM
40
cve
cve

CVE-2024-7746

Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse.This issue affects the privileged transactions implemented by the Traccar solution that should otherwise be protected by the authentication mechanism. These trans...

9.8CVSS

6.8AI Score

0.001EPSS

2024-08-13 04:15 PM
26