Vulnerabilities > GPS Server > GPS Tracking Software > 2.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-02 | CVE-2017-17098 | Code Injection vulnerability in Gps-Server GPS Tracking Software The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php system($_GET[cmd]); ?> in a login request. | 7.5 |
| 2018-01-02 | CVE-2017-17097 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gps-Server GPS Tracking Software gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. | 5.0 |