2 matches found
CVE-2018-1000881
Affected product: Traccar Server (versions 4.0 and earlier). The vulnerability is CWE-94 (Code Injection) in ComputedAttributesHandler.java, leading to Remote Command Execution. Exploitation path: via a remote web application request by a self-registered user. Impact per sources: partial confiden...
CVE-2019-5748
CVE-2019-5748 affects Traccar Server 4.2, where protocol/SpotProtocolDecoder.java may allow XML External Entity (XXE) processing. The issue is described across sources as enabling XXE attacks with high impact (CVSSv3.0: 9.8, NETWORK attack, no user interaction). The provided documents do not incl...