← back
CVE-2017-17098

CVE-2017-17098

EPSS 6.6%
The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php system($_GET[cmd]); ?> in a login request.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/43431/unverifiedexploitdbwww.exploit-db.com/exploits/43431unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gist.github.com/pak0s/ea7a80c2614d9cd43cfb8230c65c9fechttps://s1.gps-server.net/changelog.txthttps://www.exploit-db.com/exploits/43431/